Version Description
- Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 5.5 |
Comparing to | |
See all releases |
Code changes from version 5.4 to 5.5
- readme.txt +34 -66
- wp-force-login.php +19 -8
readme.txt
CHANGED
@@ -2,9 +2,9 @@
|
|
2 |
Contributors: kevinvess
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
-
Requires at least:
|
6 |
-
Tested up to: 5.
|
7 |
-
Stable tag: 5.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -41,64 +41,42 @@ Upload the Force Login plugin to your site, then Activate it.
|
|
41 |
|
42 |
== Frequently Asked Questions ==
|
43 |
|
44 |
-
= 1. How can I specify a
|
45 |
|
46 |
-
By default, the plugin sends visitors back to the URL they tried to
|
47 |
-
|
48 |
-
The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [home_url( '/mypage/' )](https://developer.wordpress.org/reference/functions/home_url/).
|
49 |
-
|
50 |
-
`
|
51 |
-
/**
|
52 |
-
* Set the URL to redirect to on login.
|
53 |
-
*
|
54 |
-
* @param string $url The visited URL.
|
55 |
-
* @return string The URL to redirect to on login. Must be absolute.
|
56 |
-
*/
|
57 |
-
function my_forcelogin_redirect( $url ) {
|
58 |
-
return home_url( '/mypage/' );
|
59 |
-
}
|
60 |
-
add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
|
61 |
-
`
|
62 |
|
63 |
= 2. How can I add exceptions for certain pages or posts? =
|
64 |
|
65 |
-
You can bypass Force Login based on any condition or specify an array of URLs to
|
66 |
|
67 |
-
|
68 |
|
69 |
`
|
70 |
/**
|
71 |
* Bypass Force Login to allow for exceptions.
|
72 |
*
|
73 |
* @param bool $bypass Whether to disable Force Login. Default false.
|
|
|
74 |
* @return bool
|
75 |
*/
|
76 |
-
function my_forcelogin_bypass( $bypass ) {
|
|
|
77 |
if ( is_single() ) {
|
78 |
$bypass = true;
|
79 |
}
|
80 |
-
return $bypass;
|
81 |
-
}
|
82 |
-
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );
|
83 |
-
`
|
84 |
-
|
85 |
-
**Whitelist URLs**
|
86 |
|
87 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
88 |
|
89 |
-
|
90 |
-
/**
|
91 |
-
* Filter Force Login to allow exceptions for specific URLs.
|
92 |
-
*
|
93 |
-
* @param array $whitelist An array of URLs. Must be absolute.
|
94 |
-
* @return array
|
95 |
-
*/
|
96 |
-
function my_forcelogin_whitelist( $whitelist ) {
|
97 |
-
$whitelist[] = home_url( '/mypage/' );
|
98 |
-
$whitelist[] = home_url( '/2015/03/post-title/' );
|
99 |
-
return $whitelist;
|
100 |
}
|
101 |
-
add_filter( '
|
102 |
`
|
103 |
|
104 |
= 3. How can I add exceptions for dynamic URLs? =
|
@@ -106,29 +84,13 @@ add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
|
|
106 |
Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
|
107 |
|
108 |
For example:
|
109 |
-
<http://example.com/mypage/?parameter=value>
|
110 |
-
|
111 |
-
Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Whitelist-Dynamic-URLs) for examples of the different methods for whitelisting dynamic URLs.
|
112 |
-
|
113 |
-
= 4. How do I get the WordPress mobile app to work? =
|
114 |
-
|
115 |
-
By default, the plugin blocks access to all page URLs; you may need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.
|
116 |
-
|
117 |
`
|
118 |
-
|
119 |
-
* Filter Force Login to allow exceptions for specific URLs.
|
120 |
-
*
|
121 |
-
* @param array $whitelist An array of URLs. Must be absolute.
|
122 |
-
* @return array
|
123 |
-
*/
|
124 |
-
function my_forcelogin_whitelist( $whitelist ) {
|
125 |
-
$whitelist[] = site_url( '/xmlrpc.php' );
|
126 |
-
return $whitelist;
|
127 |
-
}
|
128 |
-
add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
|
129 |
`
|
130 |
|
131 |
-
|
|
|
|
|
132 |
|
133 |
The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
|
134 |
|
@@ -145,6 +107,9 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
145 |
|
146 |
== Changelog ==
|
147 |
|
|
|
|
|
|
|
148 |
= 5.4 =
|
149 |
* Tweak - Improved the visited $url variable.
|
150 |
* Tweak - Changed code to comply with WordPress standards - props [Alex Bordei](https://github.com/kevinvess/wp-force-login/pull/43).
|
@@ -166,7 +131,7 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
166 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
167 |
|
168 |
= 5.0 =
|
169 |
-
* Feature - Added filter to bypass Force Login redirect for
|
170 |
* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
|
171 |
* Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/kevinvess/wp-force-login/issues/26).
|
172 |
|
@@ -190,14 +155,14 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
190 |
* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/kevinvess/wp-force-login/issues/7).
|
191 |
|
192 |
= 3.0 =
|
193 |
-
* Feature - Added filter
|
194 |
* Feature - Added filter to allow whitelisting of additional URLs.
|
195 |
|
196 |
= 2.1 =
|
197 |
* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](https://wordpress.org/support/topic/infinite-loop-when-server-port-is-not-standard/).
|
198 |
|
199 |
= 2.0 =
|
200 |
-
* Feature - Added redirect to send visitors back to the URL they tried to visit
|
201 |
|
202 |
= 1.3 =
|
203 |
* Fix - Fixed password reset URL from being blocked - props [estebillan](https://wordpress.org/support/topic/password-reset-url-is-blocked/).
|
@@ -206,11 +171,14 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
206 |
* Tweak - Streamlined code
|
207 |
|
208 |
= 1.1 =
|
209 |
-
* Fix -
|
210 |
|
211 |
|
212 |
== Upgrade Notice ==
|
213 |
|
|
|
|
|
|
|
214 |
= 5.1 =
|
215 |
Restricts access to the REST API for authorized users only.
|
216 |
|
2 |
Contributors: kevinvess
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
+
Requires at least: 4.6
|
6 |
+
Tested up to: 5.5
|
7 |
+
Stable tag: 5.5
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
41 |
|
42 |
== Frequently Asked Questions ==
|
43 |
|
44 |
+
= 1. How can I specify a redirect URL on login? =
|
45 |
|
46 |
+
By default, the plugin sends visitors back to the URL they tried to access. However, you can redirect users to a specific URL by adding the built-in WordPress filter [login_redirect](https://developer.wordpress.org/reference/hooks/login_redirect/) to your functions.php file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
47 |
|
48 |
= 2. How can I add exceptions for certain pages or posts? =
|
49 |
|
50 |
+
You can bypass Force Login based on any condition or specify an array of URLs to allow by adding the following filter to your functions.php file.
|
51 |
|
52 |
+
You may also use the WordPress [Conditional Tags](https://developer.wordpress.org/themes/references/list-of-conditional-tags/).
|
53 |
|
54 |
`
|
55 |
/**
|
56 |
* Bypass Force Login to allow for exceptions.
|
57 |
*
|
58 |
* @param bool $bypass Whether to disable Force Login. Default false.
|
59 |
+
* @param string $visited_url The visited URL.
|
60 |
* @return bool
|
61 |
*/
|
62 |
+
function my_forcelogin_bypass( $bypass, $visited_url ) {
|
63 |
+
// Allow all single posts
|
64 |
if ( is_single() ) {
|
65 |
$bypass = true;
|
66 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
67 |
|
68 |
+
// Allow these absolute URLs
|
69 |
+
$allowed = array(
|
70 |
+
home_url( '/mypage/' ),
|
71 |
+
home_url( '/2015/03/post-title/' ),
|
72 |
+
);
|
73 |
+
if ( ! $bypass ) {
|
74 |
+
$bypass = in_array( $visited_url, $allowed );
|
75 |
+
}
|
76 |
|
77 |
+
return $bypass;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
78 |
}
|
79 |
+
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
|
80 |
`
|
81 |
|
82 |
= 3. How can I add exceptions for dynamic URLs? =
|
84 |
Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
|
85 |
|
86 |
For example:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
87 |
`
|
88 |
+
//example.com/mypage/?parameter=value
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
89 |
`
|
90 |
|
91 |
+
Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Bypass-Dynamic-URLs) for examples of the different methods for allowing dynamic URLs.
|
92 |
+
|
93 |
+
= 4. How do I hide the "← Back to {sitename}" link? =
|
94 |
|
95 |
The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
|
96 |
|
107 |
|
108 |
== Changelog ==
|
109 |
|
110 |
+
= 5.5 =
|
111 |
+
* Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
|
112 |
+
|
113 |
= 5.4 =
|
114 |
* Tweak - Improved the visited $url variable.
|
115 |
* Tweak - Changed code to comply with WordPress standards - props [Alex Bordei](https://github.com/kevinvess/wp-force-login/pull/43).
|
131 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
132 |
|
133 |
= 5.0 =
|
134 |
+
* Feature - Added filter to bypass Force Login redirect for allowing pages without specifying a URL.
|
135 |
* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
|
136 |
* Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/kevinvess/wp-force-login/issues/26).
|
137 |
|
155 |
* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/kevinvess/wp-force-login/issues/7).
|
156 |
|
157 |
= 3.0 =
|
158 |
+
* Feature - Added filter for the redirect URL on login.
|
159 |
* Feature - Added filter to allow whitelisting of additional URLs.
|
160 |
|
161 |
= 2.1 =
|
162 |
* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](https://wordpress.org/support/topic/infinite-loop-when-server-port-is-not-standard/).
|
163 |
|
164 |
= 2.0 =
|
165 |
+
* Feature - Added redirect to send visitors back to the URL they tried to visit before logging in.
|
166 |
|
167 |
= 1.3 =
|
168 |
* Fix - Fixed password reset URL from being blocked - props [estebillan](https://wordpress.org/support/topic/password-reset-url-is-blocked/).
|
171 |
* Tweak - Streamlined code
|
172 |
|
173 |
= 1.1 =
|
174 |
+
* Fix - Allow access to the registration and the lost password page URLs - props [jabdo](http://profiles.wordpress.org/jabdo).
|
175 |
|
176 |
|
177 |
== Upgrade Notice ==
|
178 |
|
179 |
+
= 5.5 =
|
180 |
+
Deprecated whitelist filter, use v_forcelogin_bypass instead.
|
181 |
+
|
182 |
= 5.1 =
|
183 |
Restricts access to the REST API for authorized users only.
|
184 |
|
wp-force-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version: 5.
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
@@ -28,16 +28,27 @@ function v_forcelogin() {
|
|
28 |
$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
29 |
|
30 |
/**
|
31 |
-
*
|
32 |
*
|
33 |
-
* @since 3.0.0
|
34 |
-
* @
|
35 |
-
*
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
36 |
*/
|
37 |
-
$bypass
|
38 |
-
$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
|
39 |
|
40 |
-
if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass
|
41 |
// Determine redirect URL
|
42 |
$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
|
43 |
// Set the headers to prevent caching
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 5.5
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
28 |
$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
29 |
|
30 |
/**
|
31 |
+
* Whitelist filter.
|
32 |
*
|
33 |
+
* @since 3.0.0
|
34 |
+
* @deprecated 5.5.0 Use {@see 'v_forcelogin_bypass'} instead.
|
35 |
+
*
|
36 |
+
* @param array An array of absolute URLs.
|
37 |
+
*/
|
38 |
+
$allowed = apply_filters_deprecated( 'v_forcelogin_whitelist', array( array() ), '5.5.0', 'v_forcelogin_bypass' );
|
39 |
+
|
40 |
+
/**
|
41 |
+
* Bypass filter.
|
42 |
+
*
|
43 |
+
* @since 5.0.0
|
44 |
+
* @since 5.2.0 Added the `$url` parameter.
|
45 |
+
*
|
46 |
+
* @param bool Whether to disable Force Login. Default false.
|
47 |
+
* @param string $url The visited URL.
|
48 |
*/
|
49 |
+
$bypass = apply_filters( 'v_forcelogin_bypass', in_array( $url, $allowed ), $url );
|
|
|
50 |
|
51 |
+
if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass ) {
|
52 |
// Determine redirect URL
|
53 |
$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
|
54 |
// Set the headers to prevent caching
|