Version Description
- Feature - Added $url parameter to bypass and whitelist filters.
- Tweak - Updated Multisite conditionals which determine user access to sites.
- Tweak - Moved 'v_forcelogin_redirect' filter to improve performance.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 5.2 |
Comparing to | |
See all releases |
Code changes from version 5.1.1 to 5.2
- readme.txt +24 -16
- wp-force-login.php +20 -15
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=force
|
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
Tested up to: 4.9
|
7 |
-
Stable tag: 5.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -45,7 +45,7 @@ Upload the Force Login plugin to your site, then Activate it.
|
|
45 |
|
46 |
By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.
|
47 |
|
48 |
-
The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [
|
49 |
|
50 |
`
|
51 |
/**
|
@@ -54,14 +54,14 @@ The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [si
|
|
54 |
* @return string URL to redirect to on login. Must be absolute.
|
55 |
*/
|
56 |
function my_forcelogin_redirect() {
|
57 |
-
return
|
58 |
}
|
59 |
-
add_filter('v_forcelogin_redirect', 'my_forcelogin_redirect'
|
60 |
`
|
61 |
|
62 |
= 2. How can I add exceptions for certain pages or posts? =
|
63 |
|
64 |
-
You can bypass Force Login based on any condition or specify an array of URLs to whitelist by adding either of the following filters to your functions.php file. You may also use the WordPress [Conditional Tags](
|
65 |
|
66 |
**Bypass Force Login**
|
67 |
|
@@ -69,7 +69,8 @@ You can bypass Force Login based on any condition or specify an array of URLs to
|
|
69 |
/**
|
70 |
* Bypass Force Login to allow for exceptions.
|
71 |
*
|
72 |
-
* @
|
|
|
73 |
*/
|
74 |
function my_forcelogin_bypass( $bypass ) {
|
75 |
if ( is_single() ) {
|
@@ -77,25 +78,26 @@ function my_forcelogin_bypass( $bypass ) {
|
|
77 |
}
|
78 |
return $bypass;
|
79 |
}
|
80 |
-
add_filter('v_forcelogin_bypass', 'my_forcelogin_bypass'
|
81 |
`
|
82 |
|
83 |
**Whitelist URLs**
|
84 |
|
85 |
-
Each URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [
|
86 |
|
87 |
`
|
88 |
/**
|
89 |
* Filter Force Login to allow exceptions for specific URLs.
|
90 |
*
|
91 |
-
* @
|
|
|
92 |
*/
|
93 |
function my_forcelogin_whitelist( $whitelist ) {
|
94 |
-
$whitelist[] =
|
95 |
-
$whitelist[] =
|
96 |
return $whitelist;
|
97 |
}
|
98 |
-
add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist'
|
99 |
`
|
100 |
|
101 |
= 3. How can I add exceptions for dynamic URLs? =
|
@@ -115,13 +117,14 @@ By default, the plugin blocks access to all page URLs; you may need to whitelist
|
|
115 |
/**
|
116 |
* Filter Force Login to allow exceptions for specific URLs.
|
117 |
*
|
118 |
-
* @
|
|
|
119 |
*/
|
120 |
function my_forcelogin_whitelist( $whitelist ) {
|
121 |
$whitelist[] = site_url( '/xmlrpc.php' );
|
122 |
return $whitelist;
|
123 |
}
|
124 |
-
add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist'
|
125 |
`
|
126 |
|
127 |
= 5. How do I hide the "← Back to {sitename}" link on the login screen? =
|
@@ -135,14 +138,19 @@ The WordPress login screen includes a "← Back to {sitename}" link below the lo
|
|
135 |
function my_forcelogin_hide_backtoblog() {
|
136 |
echo '<style type="text/css">#backtoblog{display:none;}</style>';
|
137 |
}
|
138 |
-
add_action('login_enqueue_scripts', 'my_forcelogin_hide_backtoblog');
|
139 |
`
|
140 |
|
141 |
|
142 |
== Changelog ==
|
143 |
|
|
|
|
|
|
|
|
|
|
|
144 |
= 5.1.1 =
|
145 |
-
*
|
146 |
|
147 |
= 5.1 =
|
148 |
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/aduth).
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
Tested up to: 4.9
|
7 |
+
Stable tag: 5.2
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
45 |
|
46 |
By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.
|
47 |
|
48 |
+
The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [home_url( '/mypage/' )](https://developer.wordpress.org/reference/functions/home_url/).
|
49 |
|
50 |
`
|
51 |
/**
|
54 |
* @return string URL to redirect to on login. Must be absolute.
|
55 |
*/
|
56 |
function my_forcelogin_redirect() {
|
57 |
+
return home_url( '/mypage/' );
|
58 |
}
|
59 |
+
add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
|
60 |
`
|
61 |
|
62 |
= 2. How can I add exceptions for certain pages or posts? =
|
63 |
|
64 |
+
You can bypass Force Login based on any condition or specify an array of URLs to whitelist by adding either of the following filters to your functions.php file. You may also use the WordPress [Conditional Tags](https://developer.wordpress.org/themes/references/list-of-conditional-tags/).
|
65 |
|
66 |
**Bypass Force Login**
|
67 |
|
69 |
/**
|
70 |
* Bypass Force Login to allow for exceptions.
|
71 |
*
|
72 |
+
* @param bool $bypass Whether to disable Force Login. Default false.
|
73 |
+
* @return bool
|
74 |
*/
|
75 |
function my_forcelogin_bypass( $bypass ) {
|
76 |
if ( is_single() ) {
|
78 |
}
|
79 |
return $bypass;
|
80 |
}
|
81 |
+
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );
|
82 |
`
|
83 |
|
84 |
**Whitelist URLs**
|
85 |
|
86 |
+
Each URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [home_url( '/mypage/' )](https://developer.wordpress.org/reference/functions/home_url/).
|
87 |
|
88 |
`
|
89 |
/**
|
90 |
* Filter Force Login to allow exceptions for specific URLs.
|
91 |
*
|
92 |
+
* @param array $whitelist An array of URLs. Must be absolute.
|
93 |
+
* @return array
|
94 |
*/
|
95 |
function my_forcelogin_whitelist( $whitelist ) {
|
96 |
+
$whitelist[] = home_url( '/mypage/' );
|
97 |
+
$whitelist[] = home_url( '/2015/03/post-title/' );
|
98 |
return $whitelist;
|
99 |
}
|
100 |
+
add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
|
101 |
`
|
102 |
|
103 |
= 3. How can I add exceptions for dynamic URLs? =
|
117 |
/**
|
118 |
* Filter Force Login to allow exceptions for specific URLs.
|
119 |
*
|
120 |
+
* @param array $whitelist An array of URLs. Must be absolute.
|
121 |
+
* @return array
|
122 |
*/
|
123 |
function my_forcelogin_whitelist( $whitelist ) {
|
124 |
$whitelist[] = site_url( '/xmlrpc.php' );
|
125 |
return $whitelist;
|
126 |
}
|
127 |
+
add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
|
128 |
`
|
129 |
|
130 |
= 5. How do I hide the "← Back to {sitename}" link on the login screen? =
|
138 |
function my_forcelogin_hide_backtoblog() {
|
139 |
echo '<style type="text/css">#backtoblog{display:none;}</style>';
|
140 |
}
|
141 |
+
add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
142 |
`
|
143 |
|
144 |
|
145 |
== Changelog ==
|
146 |
|
147 |
+
= 5.2 =
|
148 |
+
* Feature - Added $url parameter to bypass and whitelist filters.
|
149 |
+
* Tweak - Updated Multisite conditionals which determine user access to sites.
|
150 |
+
* Tweak - Moved 'v_forcelogin_redirect' filter to improve performance.
|
151 |
+
|
152 |
= 5.1.1 =
|
153 |
+
* Fix - Improved the REST API restriction to allow alternative modes of authentication.
|
154 |
|
155 |
= 5.1 =
|
156 |
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/aduth).
|
wp-force-login.php
CHANGED
@@ -1,9 +1,9 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Force Login
|
4 |
-
Plugin URI:
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version: 5.
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
@@ -22,7 +22,7 @@ function v_forcelogin() {
|
|
22 |
}
|
23 |
|
24 |
// Redirect unauthorized visitors
|
25 |
-
if ( !is_user_logged_in() ) {
|
26 |
// Get URL
|
27 |
$url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
|
28 |
$url .= '://' . $_SERVER['HTTP_HOST'];
|
@@ -32,22 +32,26 @@ function v_forcelogin() {
|
|
32 |
}
|
33 |
$url .= $_SERVER['REQUEST_URI'];
|
34 |
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
|
|
|
|
|
|
|
|
|
|
39 |
|
40 |
// Redirect
|
41 |
-
if ( preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) && !in_array($url, $whitelist) &&
|
42 |
-
|
|
|
43 |
}
|
44 |
}
|
45 |
-
|
46 |
// Only allow Multisite users access to their assigned sites
|
47 |
-
if (
|
48 |
-
|
49 |
-
if ( !is_user_member_of_blog( $current_user->ID ) && !is_super_admin() )
|
50 |
-
wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option('blogname') . ' › ' . __( "Error", 'wp-force-login' ) );
|
51 |
}
|
52 |
}
|
53 |
}
|
@@ -56,11 +60,12 @@ add_action( 'template_redirect', 'v_forcelogin' );
|
|
56 |
/**
|
57 |
* Restrict REST API for authorized users only
|
58 |
*
|
|
|
59 |
* @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication
|
60 |
* method wasn't used, true if authentication succeeded.
|
61 |
*/
|
62 |
function v_forcelogin_rest_access( $result ) {
|
63 |
-
if ( null === $result && !is_user_logged_in() ) {
|
64 |
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
65 |
}
|
66 |
return $result;
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Force Login
|
4 |
+
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 5.2
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
22 |
}
|
23 |
|
24 |
// Redirect unauthorized visitors
|
25 |
+
if ( ! is_user_logged_in() ) {
|
26 |
// Get URL
|
27 |
$url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
|
28 |
$url .= '://' . $_SERVER['HTTP_HOST'];
|
32 |
}
|
33 |
$url .= $_SERVER['REQUEST_URI'];
|
34 |
|
35 |
+
/**
|
36 |
+
* Bypass filters.
|
37 |
+
*
|
38 |
+
* @since 3.0.0 The `$whitelist` filter was added.
|
39 |
+
* @since 4.0.0 The `$bypass` filter was added.
|
40 |
+
* @since 5.2.0 The `$url` parameter was added.
|
41 |
+
*/
|
42 |
+
$bypass = apply_filters( 'v_forcelogin_bypass', false, $url );
|
43 |
+
$whitelist = apply_filters( 'v_forcelogin_whitelist', array(), $url );
|
44 |
|
45 |
// Redirect
|
46 |
+
if ( preg_replace( '/\?.*/', '', $url ) != preg_replace( '/\?.*/', '', wp_login_url() ) && ! in_array( $url, $whitelist ) && ! $bypass ) {
|
47 |
+
$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
|
48 |
+
wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit;
|
49 |
}
|
50 |
}
|
51 |
+
elseif ( function_exists('is_multisite') && is_multisite() ) {
|
52 |
// Only allow Multisite users access to their assigned sites
|
53 |
+
if ( ! is_user_member_of_blog() && ! current_user_can('setup_network') ) {
|
54 |
+
wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option('blogname') . ' › ' . __( "Error", 'wp-force-login' ) );
|
|
|
|
|
55 |
}
|
56 |
}
|
57 |
}
|
60 |
/**
|
61 |
* Restrict REST API for authorized users only
|
62 |
*
|
63 |
+
* @since 5.1.0
|
64 |
* @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication
|
65 |
* method wasn't used, true if authentication succeeded.
|
66 |
*/
|
67 |
function v_forcelogin_rest_access( $result ) {
|
68 |
+
if ( null === $result && ! is_user_logged_in() ) {
|
69 |
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
70 |
}
|
71 |
return $result;
|