Last active
January 13, 2023 19:10
-
-
Save daggerhart/d19821ff8ce836a5fc68 to your computer and use it in GitHub Desktop.
Completely disable the WordPress login form. You have your reasons.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// pick a hook from the wp-login.php file that best our needs. I chose the filter: wp_login_errors | |
add_filter( 'wp_login_errors', 'my_login_form_lock_down', 90, 2 ); | |
/** | |
* Completely lock down the WordPress login form by hijacking the page | |
* and only executing the the login header, footer, and necessary | |
* closing tags. | |
* | |
* Provide a secret way to show the login form as a url variable in | |
* case of emergencies. | |
*/ | |
function my_login_form_lock_down( $errors, $redirect_to ){ | |
// access the login form like so: http://example.com/wp-login.php?secretform=yesplease | |
$secret_key = "secretform"; | |
$secret_password = "yesplease"; | |
if ( !isset( $_GET[ $secret_key ] ) || $_GET[ $secret_key ] != $secret_password ) { | |
login_header(__('Log In'), '', $errors); | |
echo "</div>"; | |
do_action( 'login_footer' ); | |
echo "</body></html>"; | |
exit; | |
} | |
return $errors; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment