Version Description
- Feature - Added nocache_headers() to prevent caching for the different browsers - props Chris Harmoney.
- Tweak - Removed $url parameter from whitelist filter.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 5.3 |
Comparing to | |
See all releases |
Code changes from version 5.2 to 5.3
- readme.txt +6 -2
- wp-force-login.php +44 -41
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: kevinvess
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
-
Tested up to:
|
7 |
-
Stable tag: 5.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -144,6 +144,10 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
144 |
|
145 |
== Changelog ==
|
146 |
|
|
|
|
|
|
|
|
|
147 |
= 5.2 =
|
148 |
* Feature - Added $url parameter to bypass and whitelist filters.
|
149 |
* Tweak - Updated Multisite conditionals which determine user access to sites.
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
+
Tested up to: 5.0
|
7 |
+
Stable tag: 5.3
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
144 |
|
145 |
== Changelog ==
|
146 |
|
147 |
+
= 5.3 =
|
148 |
+
* Feature - Added nocache_headers() to prevent caching for the different browsers - props [Chris Harmoney](https://github.com/charmoney).
|
149 |
+
* Tweak - Removed $url parameter from whitelist filter.
|
150 |
+
|
151 |
= 5.2 =
|
152 |
* Feature - Added $url parameter to bypass and whitelist filters.
|
153 |
* Tweak - Updated Multisite conditionals which determine user access to sites.
|
wp-force-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version: 5.
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
@@ -16,44 +16,47 @@ License URI: https://www.gnu.org/licenses/gpl-2.0.html
|
|
16 |
|
17 |
function v_forcelogin() {
|
18 |
|
19 |
-
|
20 |
-
|
21 |
-
|
22 |
-
|
23 |
|
24 |
-
|
25 |
-
|
26 |
-
|
27 |
-
|
28 |
-
|
29 |
-
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
|
|
|
|
|
|
57 |
}
|
58 |
add_action( 'template_redirect', 'v_forcelogin' );
|
59 |
|
@@ -65,10 +68,10 @@ add_action( 'template_redirect', 'v_forcelogin' );
|
|
65 |
* method wasn't used, true if authentication succeeded.
|
66 |
*/
|
67 |
function v_forcelogin_rest_access( $result ) {
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
}
|
73 |
add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
|
74 |
|
@@ -76,6 +79,6 @@ add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
|
|
76 |
* Localization
|
77 |
*/
|
78 |
function v_forcelogin_load_textdomain() {
|
79 |
-
|
80 |
}
|
81 |
add_action( 'plugins_loaded', 'v_forcelogin_load_textdomain' );
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 5.3
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
16 |
|
17 |
function v_forcelogin() {
|
18 |
|
19 |
+
// Exceptions for AJAX, Cron, or WP-CLI requests
|
20 |
+
if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || ( defined( 'DOING_CRON' ) && DOING_CRON ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
|
21 |
+
return;
|
22 |
+
}
|
23 |
|
24 |
+
// Redirect unauthorized visitors
|
25 |
+
if ( ! is_user_logged_in() ) {
|
26 |
+
// Get visited URL
|
27 |
+
$url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
|
28 |
+
$url .= '://' . $_SERVER['HTTP_HOST'];
|
29 |
+
// port is prepopulated here sometimes
|
30 |
+
if ( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
|
31 |
+
$url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
|
32 |
+
}
|
33 |
+
$url .= $_SERVER['REQUEST_URI'];
|
34 |
|
35 |
+
/**
|
36 |
+
* Bypass filters.
|
37 |
+
*
|
38 |
+
* @since 3.0.0 The `$whitelist` filter was added.
|
39 |
+
* @since 4.0.0 The `$bypass` filter was added.
|
40 |
+
* @since 5.2.0 The `$url` parameter was added.
|
41 |
+
*/
|
42 |
+
$bypass = apply_filters( 'v_forcelogin_bypass', false, $url );
|
43 |
+
$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
|
44 |
|
45 |
+
if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass && ! in_array( $url, $whitelist ) ) {
|
46 |
+
// Determine redirect URL
|
47 |
+
$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
|
48 |
+
// Set the headers to prevent caching
|
49 |
+
nocache_headers();
|
50 |
+
// Redirect
|
51 |
+
wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit;
|
52 |
+
}
|
53 |
+
}
|
54 |
+
elseif ( function_exists('is_multisite') && is_multisite() ) {
|
55 |
+
// Only allow Multisite users access to their assigned sites
|
56 |
+
if ( ! is_user_member_of_blog() && ! current_user_can('setup_network') ) {
|
57 |
+
wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option('blogname') . ' › ' . __( "Error", 'wp-force-login' ) );
|
58 |
+
}
|
59 |
+
}
|
60 |
}
|
61 |
add_action( 'template_redirect', 'v_forcelogin' );
|
62 |
|
68 |
* method wasn't used, true if authentication succeeded.
|
69 |
*/
|
70 |
function v_forcelogin_rest_access( $result ) {
|
71 |
+
if ( null === $result && ! is_user_logged_in() ) {
|
72 |
+
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
73 |
+
}
|
74 |
+
return $result;
|
75 |
}
|
76 |
add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
|
77 |
|
79 |
* Localization
|
80 |
*/
|
81 |
function v_forcelogin_load_textdomain() {
|
82 |
+
load_plugin_textdomain( 'wp-force-login', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
|
83 |
}
|
84 |
add_action( 'plugins_loaded', 'v_forcelogin_load_textdomain' );
|