Version Description
- Tweak - Improved the REST API restriction to allow alternative modes of authentication.
Download this release
Release Info
| Developer | kevinvess |
| Plugin |  Force Login |
| Version | 5.1.1 |
| Comparing to | |
| See all releases | |
Code changes from version 5.1 to 5.1.1
- readme.txt +5 -4
- wp-force-login.php +7 -4
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=force
|
|
| 4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
| 5 |
Requires at least: 2.7
|
| 6 |
Tested up to: 4.9
|
| 7 |
-
Stable tag: 5.1
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -24,6 +24,7 @@ Make your website private until it's ready to share publicly, or keep it private
|
|
| 24 |
- Extensive Developer API (hooks & filters).
|
| 25 |
- Customizable. Set a specific URL to always redirect to on login.
|
| 26 |
- Filter exceptions for certain pages or posts.
|
|
|
|
| 27 |
- Translation Ready & WPML certified.
|
| 28 |
|
| 29 |
**Bug Reports**
|
|
@@ -140,6 +141,9 @@ add_action('login_enqueue_scripts', 'my_forcelogin_hide_backtoblog');
|
|
| 140 |
|
| 141 |
== Changelog ==
|
| 142 |
|
|
|
|
|
|
|
|
|
|
| 143 |
= 5.1 =
|
| 144 |
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/aduth).
|
| 145 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
|
@@ -210,6 +214,3 @@ New features: added filters for customizing the plugin.
|
|
| 210 |
|
| 211 |
= 2.0 =
|
| 212 |
New feature: added redirect to send visitors back to the URL they tried to visit after logging-in.
|
| 213 |
-
|
| 214 |
-
= 1.3 =
|
| 215 |
-
Fixes bug with password reset URL from being blocked.
|
| 4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
| 5 |
Requires at least: 2.7
|
| 6 |
Tested up to: 4.9
|
| 7 |
+
Stable tag: 5.1.1
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 24 |
- Extensive Developer API (hooks & filters).
|
| 25 |
- Customizable. Set a specific URL to always redirect to on login.
|
| 26 |
- Filter exceptions for certain pages or posts.
|
| 27 |
+
- Restrict REST API to authenticated users.
|
| 28 |
- Translation Ready & WPML certified.
|
| 29 |
|
| 30 |
**Bug Reports**
|
| 141 |
|
| 142 |
== Changelog ==
|
| 143 |
|
| 144 |
+
= 5.1.1 =
|
| 145 |
+
* Tweak - Improved the REST API restriction to allow alternative modes of authentication.
|
| 146 |
+
|
| 147 |
= 5.1 =
|
| 148 |
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/aduth).
|
| 149 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
| 214 |
|
| 215 |
= 2.0 =
|
| 216 |
New feature: added redirect to send visitors back to the URL they tried to visit after logging-in.
|
|
|
|
|
|
|
|
|
wp-force-login.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Force Login
|
| 4 |
Plugin URI: http://vess.me/
|
| 5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
| 6 |
-
Version: 5.1
|
| 7 |
Author: Kevin Vess
|
| 8 |
Author URI: http://vess.me/
|
| 9 |
|
|
@@ -53,16 +53,19 @@ function v_forcelogin() {
|
|
| 53 |
}
|
| 54 |
add_action( 'template_redirect', 'v_forcelogin' );
|
| 55 |
|
| 56 |
-
|
| 57 |
* Restrict REST API for authorized users only
|
|
|
|
|
|
|
|
|
|
| 58 |
*/
|
| 59 |
function v_forcelogin_rest_access( $result ) {
|
| 60 |
-
if ( !is_user_logged_in() ) {
|
| 61 |
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
| 62 |
}
|
| 63 |
return $result;
|
| 64 |
}
|
| 65 |
-
add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access' );
|
| 66 |
|
| 67 |
/*
|
| 68 |
* Localization
|
| 3 |
Plugin Name: Force Login
|
| 4 |
Plugin URI: http://vess.me/
|
| 5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
| 6 |
+
Version: 5.1.1
|
| 7 |
Author: Kevin Vess
|
| 8 |
Author URI: http://vess.me/
|
| 9 |
|
| 53 |
}
|
| 54 |
add_action( 'template_redirect', 'v_forcelogin' );
|
| 55 |
|
| 56 |
+
/**
|
| 57 |
* Restrict REST API for authorized users only
|
| 58 |
+
*
|
| 59 |
+
* @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication
|
| 60 |
+
* method wasn't used, true if authentication succeeded.
|
| 61 |
*/
|
| 62 |
function v_forcelogin_rest_access( $result ) {
|
| 63 |
+
if ( null === $result && !is_user_logged_in() ) {
|
| 64 |
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
| 65 |
}
|
| 66 |
return $result;
|
| 67 |
}
|
| 68 |
+
add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
|
| 69 |
|
| 70 |
/*
|
| 71 |
* Localization
|
