Wordpress Force Login with special roles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Force Login | |
| Plugin URI: https://wordpress.org/plugins/wp-force-login/ | |
| Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on. | |
| Version: 5.4 | |
| Author: Kevin Vess | |
| Author URI: http://vess.me/ | |
| Text Domain: wp-force-login | |
| Domain Path: /languages | |
| License: GPL2 | |
| License URI: https://www.gnu.org/licenses/gpl-2.0.html | |
| */ | |
| function v_user_authorized() { | |
| $user = wp_get_current_user(); | |
| return in_array( 'friends-and-family', (array) $user->roles ) or in_array( 'administrator', (array) $user->roles ); | |
| } | |
| function v_forcelogin() { | |
| // Exceptions for AJAX, Cron, or WP-CLI requests | |
| if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || ( defined( 'DOING_CRON' ) && DOING_CRON ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) { | |
| return; | |
| } | |
| // Redirect unauthorized visitors | |
| if ( ! v_user_authorized() ) { | |
| // Get visited URL | |
| $schema = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https://' : 'http://'; | |
| $url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; | |
| /** | |
| * Bypass filters. | |
| * | |
| * @since 3.0.0 The `$whitelist` filter was added. | |
| * @since 4.0.0 The `$bypass` filter was added. | |
| * @since 5.2.0 The `$url` parameter was added. | |
| */ | |
| $bypass = apply_filters( 'v_forcelogin_bypass', false, $url ); | |
| $whitelist = apply_filters( 'v_forcelogin_whitelist', array() ); | |
| if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass && ! in_array( $url, $whitelist ) ) { | |
| // Determine redirect URL | |
| $redirect_url = apply_filters( 'v_forcelogin_redirect', $url ); | |
| // Set the headers to prevent caching | |
| nocache_headers(); | |
| // Redirect | |
| wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); | |
| exit; | |
| } | |
| } elseif ( function_exists( 'is_multisite' ) && is_multisite() ) { | |
| // Only allow Multisite users access to their assigned sites | |
| if ( ! is_user_member_of_blog() && ! current_user_can( 'setup_network' ) ) { | |
| wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option( 'blogname' ) . ' › ' . __( 'Error', 'wp-force-login' ) ); | |
| } | |
| } | |
| } | |
| add_action( 'template_redirect', 'v_forcelogin' ); | |
| /** | |
| * Restrict REST API for authorized users only | |
| * | |
| * @since 5.1.0 | |
| * @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication | |
| * method wasn't used, true if authentication succeeded. | |
| * | |
| * @return WP_Error|null|bool | |
| */ | |
| function v_forcelogin_rest_access( $result ) { | |
| if ( null === $result && ! v_user_authorized() ) { | |
| return new WP_Error( 'rest_unauthorized', __( 'Only authenticated users can access the REST API.', 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) ); | |
| } | |
| return $result; | |
| } | |
| add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 ); | |
| /* | |
| * Localization | |
| */ | |
| function v_forcelogin_load_textdomain() { | |
| load_plugin_textdomain( 'wp-force-login', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' ); | |
| } | |
| add_action( 'plugins_loaded', 'v_forcelogin_load_textdomain' ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment