Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Added an exception to allow localhost access while my Force Login plugin is activated.
function v_forcelogin() {
$url = v_getUrl();
if( !is_user_logged_in() && preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) ) {
if( $_SERVER['REMOTE_ADDR'] != '' ) {
wp_safe_redirect( wp_login_url( $url ), 302 ); exit();

kevinvess commented Oct 28, 2014

Keep in mind, using this code has security implications. The client can set HTTP header to any arbitrary value it wants. Meaning, someone could trick the server into thinking they're visiting the site with the IP address and bypass the forced login.

Just rain in the issue here:

Will this somehow be resolved in the official plugin? Maybe as an checkable option or by enabling WP-Cron to run either ways?


kevinvess commented Jun 30, 2016

As of Force Login version 4.0 – exceptions for AJAX, WP-Cron, and WP-CLI requests have been added to the official plugin.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment