Force Login - Version 5.5

Version Description

Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.

Release Info

Developer	kevinvess
Plugin	Force Login
Version	5.5
Comparing to
See all releases

Code changes from version 5.4 to 5.5

Files changed (2) hide show

readme.txt +34 -66
wp-force-login.php +19 -8

readme.txt CHANGED Viewed

	@@ -2,9 +2,9 @@
2	Contributors: kevinvess
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4	Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
5	- Requires at least: 2.7
6	- Tested up to: 5.4
7	- Stable tag: 5.4
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -41,64 +41,42 @@ Upload the Force Login plugin to your site, then Activate it.
41
42	== Frequently Asked Questions ==
43
44	- = 1. How can I specify a ~~URL to~~ redirect to on login? =
45
46	- By default, the plugin sends visitors back to the URL they tried to ~~visit~~. However, you can ~~set~~ a specific URL ~~to always redirect users to~~ by adding the ~~following~~ filter to your functions.php file.
47	-
48	- The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [home_url( '/mypage/' )](https://developer.wordpress.org/reference/functions/home_url/).
49	-
50	- `
51	- /**
52	- * Set the URL to redirect to on login.
53	- *
54	- * @param string $url The visited URL.
55	- * @return string The URL to redirect to on login. Must be absolute.
56	- */
57	- function my_forcelogin_redirect( $url ) {
58	- return home_url( '/mypage/' );
59	- }
60	- add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
61	- `
62
63	= 2. How can I add exceptions for certain pages or posts? =
64
65	- You can bypass Force Login based on any condition or specify an array of URLs to ~~whitelist~~ by adding ~~either of~~ the following ~~filters~~ to your functions.php file. ~~You may also use the WordPress [Conditional Tags](https://developer.wordpress.org/themes/references/list-of-conditional-tags/).~~
66
67	- Bypass ~~Force~~ Login
68
69	`
70	/**
71	* Bypass Force Login to allow for exceptions.
72	*
73	* @param bool $bypass Whether to disable Force Login. Default false.

74	* @return bool
75	*/
76	- function my_forcelogin_bypass( $bypass ) {

77	if ( is_single() ) {
78	$bypass = true;
79	}
80	- return $bypass;
81	- }
82	- add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );
83	- `
84	-
85	- Whitelist URLs
86
87	- ~~Each~~ ~~URL~~ ~~must~~ be absolute ~~(as in, <http://example.com/mypage/>). Recommended: [home_url( '/mypage/' )](https://developer.wordpress.org/reference/functions/home_url/).~~







88
89	- `
90	- /**
91	- * Filter Force Login to allow exceptions for specific URLs.
92	- *
93	- * @param array $whitelist An array of URLs. Must be absolute.
94	- * @return array
95	- */
96	- function my_forcelogin_whitelist( $whitelist ) {
97	- $whitelist[] = home_url( '/mypage/' );
98	- $whitelist[] = home_url( '/2015/03/post-title/' );
99	- return $whitelist;
100	}
101	- add_filter( '~~v_forcelogin_whitelist~~', '~~my_forcelogin_whitelist~~' );
102	`
103
104	= 3. How can I add exceptions for dynamic URLs? =
	@@ -106,29 +84,13 @@ add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
106	Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
107
108	For example:
109	- <http://example.com/mypage/?parameter=value>
110	-
111	- Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Whitelist-Dynamic-URLs) for examples of the different methods for whitelisting dynamic URLs.
112	-
113	- = 4. How do I get the WordPress mobile app to work? =
114	-
115	- By default, the plugin blocks access to all page URLs; you may need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.
116	-
117	`
118	- /**
119	- * Filter Force Login to allow exceptions for specific URLs.
120	- *
121	- * @param array $whitelist An array of URLs. Must be absolute.
122	- * @return array
123	- */
124	- function my_forcelogin_whitelist( $whitelist ) {
125	- $whitelist[] = site_url( '/xmlrpc.php' );
126	- return $whitelist;
127	- }
128	- add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
129	`
130
131	- = 5. ~~How~~ do I ~~hide~~ ~~the~~ "← ~~Back~~ to ~~{sitename}"~~ ~~link~~ on ~~the~~ ~~login~~ ~~screen?~~ =


132
133	The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
134
	@@ -145,6 +107,9 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
145
146	== Changelog ==
147



148	= 5.4 =
149	* Tweak - Improved the visited $url variable.
150	* Tweak - Changed code to comply with WordPress standards - props [Alex Bordei](https://github.com/kevinvess/wp-force-login/pull/43).
	@@ -166,7 +131,7 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
166	* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
167
168	= 5.0 =
169	- * Feature - Added filter to bypass Force Login redirect for ~~whitelisting~~ pages without specifying a URL.
170	* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
171	* Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/kevinvess/wp-force-login/issues/26).
172
	@@ -190,14 +155,14 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
190	* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/kevinvess/wp-force-login/issues/7).
191
192	= 3.0 =
193	- * Feature - Added filter to ~~set~~ a ~~specific~~ URL ~~to redirect to~~ on login.
194	* Feature - Added filter to allow whitelisting of additional URLs.
195
196	= 2.1 =
197	* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](https://wordpress.org/support/topic/infinite-loop-when-server-port-is-not-standard/).
198
199	= 2.0 =
200	- * Feature - Added redirect to send visitors back to the URL they tried to visit ~~after~~ logging in.
201
202	= 1.3 =
203	* Fix - Fixed password reset URL from being blocked - props [estebillan](https://wordpress.org/support/topic/password-reset-url-is-blocked/).
	@@ -206,11 +171,14 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
206	* Tweak - Streamlined code
207
208	= 1.1 =
209	- * Fix - ~~Whitelisted~~ the registration ~~page~~ and the ~~Lost~~ ~~Password~~ page - props [jabdo](http://profiles.wordpress.org/jabdo).
210
211
212	== Upgrade Notice ==
213



214	= 5.1 =
215	Restricts access to the REST API for authorized users only.
216


2	Contributors: kevinvess
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4	Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
5	+ Requires at least: 4.6
6	+ Tested up to: 5.5
7	+ Stable tag: 5.5
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

41
42	== Frequently Asked Questions ==
43
44	+ = 1. How can I specify a redirect URL on login? =
45
46	+ By default, the plugin sends visitors back to the URL they tried to access. However, you can redirect users to a specific URL by adding the built-in WordPress filter [login_redirect](https://developer.wordpress.org/reference/hooks/login_redirect/) to your functions.php file.















47
48	= 2. How can I add exceptions for certain pages or posts? =
49
50	+ You can bypass Force Login based on any condition or specify an array of URLs to allow by adding the following filter to your functions.php file.
51
52	+ You may also use the WordPress [Conditional Tags](https://developer.wordpress.org/themes/references/list-of-conditional-tags/).
53
54	`
55	/**
56	* Bypass Force Login to allow for exceptions.
57	*
58	* @param bool $bypass Whether to disable Force Login. Default false.
59	+ * @param string $visited_url The visited URL.
60	* @return bool
61	*/
62	+ function my_forcelogin_bypass( $bypass, $visited_url ) {
63	+ // Allow all single posts
64	if ( is_single() ) {
65	$bypass = true;
66	}






67
68	+ // Allow these absolute URLs
69	+ $allowed = array(
70	+ home_url( '/mypage/' ),
71	+ home_url( '/2015/03/post-title/' ),
72	+ );
73	+ if ( ! $bypass ) {
74	+ $bypass = in_array( $visited_url, $allowed );
75	+ }
76
77	+ return $bypass;










78	}
79	+ add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
80	`
81
82	= 3. How can I add exceptions for dynamic URLs? =

84	Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
85
86	For example:








87	`
88	+ //example.com/mypage/?parameter=value










89	`
90
91	+ Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Bypass-Dynamic-URLs) for examples of the different methods for allowing dynamic URLs.
92	+
93	+ = 4. How do I hide the "← Back to {sitename}" link? =
94
95	The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
96

107
108	== Changelog ==
109
110	+ = 5.5 =
111	+ * Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
112	+
113	= 5.4 =
114	* Tweak - Improved the visited $url variable.
115	* Tweak - Changed code to comply with WordPress standards - props [Alex Bordei](https://github.com/kevinvess/wp-force-login/pull/43).

131	* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
132
133	= 5.0 =
134	+ * Feature - Added filter to bypass Force Login redirect for allowing pages without specifying a URL.
135	* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
136	* Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/kevinvess/wp-force-login/issues/26).
137

155	* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/kevinvess/wp-force-login/issues/7).
156
157	= 3.0 =
158	+ * Feature - Added filter for the redirect URL on login.
159	* Feature - Added filter to allow whitelisting of additional URLs.
160
161	= 2.1 =
162	* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](https://wordpress.org/support/topic/infinite-loop-when-server-port-is-not-standard/).
163
164	= 2.0 =
165	+ * Feature - Added redirect to send visitors back to the URL they tried to visit before logging in.
166
167	= 1.3 =
168	* Fix - Fixed password reset URL from being blocked - props [estebillan](https://wordpress.org/support/topic/password-reset-url-is-blocked/).

171	* Tweak - Streamlined code
172
173	= 1.1 =
174	+ * Fix - Allow access to the registration and the lost password page URLs - props [jabdo](http://profiles.wordpress.org/jabdo).
175
176
177	== Upgrade Notice ==
178
179	+ = 5.5 =
180	+ Deprecated whitelist filter, use v_forcelogin_bypass instead.
181	+
182	= 5.1 =
183	Restricts access to the REST API for authorized users only.
184

wp-force-login.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Force Login
4	Plugin URI: https://wordpress.org/plugins/wp-force-login/
5	Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6	- Version: 5.4
7	Author: Kevin Vess
8	Author URI: http://vess.me/
9
	@@ -28,16 +28,27 @@ function v_forcelogin() {
28	$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
29
30	/**
31	- * ~~Bypass~~ ~~filters~~.
32	*
33	- * @since 3.0.0 ~~The `$whitelist` filter was added.~~
34	- * @~~since~~ 4.0.0 ~~The~~ ~~`$bypass`~~ ~~filter~~ ~~was added~~.
35	- * ~~@since 5.2.0 The `$url` parameter was added.~~












36	*/
37	- $bypass = apply_filters( 'v_forcelogin_bypass', ~~false~~, $url );
38	- $whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
39
40	- if ( preg_replace( '/\?./', '', $url ) !== preg_replace( '/\?./', '', wp_login_url() ) && ! $bypass ~~&& ! in_array( $url, $whitelist~~ ) ) {
41	// Determine redirect URL
42	$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
43	// Set the headers to prevent caching


3	Plugin Name: Force Login
4	Plugin URI: https://wordpress.org/plugins/wp-force-login/
5	Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6	+ Version: 5.5
7	Author: Kevin Vess
8	Author URI: http://vess.me/
9

28	$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
29
30	/**
31	+ * Whitelist filter.
32	*
33	+ * @since 3.0.0
34	+ * @deprecated 5.5.0 Use {@see 'v_forcelogin_bypass'} instead.
35	+ *
36	+ * @param array An array of absolute URLs.
37	+ */
38	+ $allowed = apply_filters_deprecated( 'v_forcelogin_whitelist', array( array() ), '5.5.0', 'v_forcelogin_bypass' );
39	+
40	+ /**
41	+ * Bypass filter.
42	+ *
43	+ * @since 5.0.0
44	+ * @since 5.2.0 Added the `$url` parameter.
45	+ *
46	+ * @param bool Whether to disable Force Login. Default false.
47	+ * @param string $url The visited URL.
48	*/
49	+ $bypass = apply_filters( 'v_forcelogin_bypass', in_array( $url, $allowed ), $url );

50
51	+ if ( preg_replace( '/\?./', '', $url ) !== preg_replace( '/\?./', '', wp_login_url() ) && ! $bypass ) {
52	// Determine redirect URL
53	$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
54	// Set the headers to prevent caching