WordPress login widget redirect prevention

I don’t know if I’ve mentioned this before, but WordPress has become my favourite open source tool ever. There is very little that you can’t do with it. I like how you can hook into almost any core WordPress functionality and last night I had to modify the  wordpress login widget.

The problem I solved was preventing wordpress to redirect to wp-login.php after you’ve attempted to login using the wordpress login widget. For example, if you have a login widget in your sidebar and type in incorrect account details and hit submit – WordPress then redirects you to it’s standard login page wp-login.php. I thought, what’s the point of having the widget if you end up getting redirected to another page when you type in your credentials incorrectly. The beauty of WordPress is that you can hook into and customise almost any core functionality using WordPress hooks and filters.

So here are a couple of hooks that will prevent WordPress from redirecting to the default login page if you put in incorrect credentials in your login widget. The first one redirects back to referrer page if credentials are incorrect, the second one redirects to referrer if you leave either username or password blank.

/*-------------------------------------------------------------------------------------*/
/* Login Hooks and Filters
/*-------------------------------------------------------------------------------------*/
if( ! function_exists( 'custom_login_fail' ) ) {
    function custom_login_fail( $username ) {
        $referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from?
        // if there's a valid referrer, and it's not the default log-in screen
        if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
            if ( !strstr($referrer,'?login=failed') ) { // make sure we don’t append twice
                wp_redirect( $referrer . '?login=failed' ); // append some information (login=failed) to the URL for the theme to use
            } else {
                wp_redirect( $referrer );
            }
            exit;
        }
    }
}
add_action( 'wp_login_failed', 'custom_login_fail' ); // hook failed login
if( ! function_exists( 'custom_login_empty' ) ) {
    function custom_login_empty(){
        $referrer = $_SERVER['HTTP_REFERER'];
        if ( strstr($referrer,'mylogin') && $user==null ) { // mylogin is the name of the loginpage.
            if ( !strstr($referrer,'?login=empty') ) { // prevent appending twice
                wp_redirect( $referrer . '?login=empty' );
            } else {
                wp_redirect( $referrer );
            }
        }
    }
}
add_action( 'authenticate', 'custom_login_empty');

Thanks to WP insite for the tip!

Marko

  • thanks, but where and what do I do with this ?

  • Rick, I presume you’re asking where to place this code? You would typically add this in your theme’s functions.php file. It’s where you would normally add your custom functionality. Alternatively, you could place it in mu-plugins directory. Lookup “must use plugins” for more info.

  • thansk, I cut and paste the code in funtions php and it had no affect, still redirects to backend login page.

    • Rick, the only thing I would sugest is look at your log file for any possible errors or warnings. I know this snippet works, I’ve used it on a couple of sites. Also make sure you’re on the latest version of WordPress.

      If it still doesn’t work, put the code in mu-plugins directory in any file.

  • Dan

    Hey.. nice! works perfect. but in case one or both forms are left blank it redirects to wp-login.php. Would be nice to have a function for that one too.. any thoughts? sorry 4 my typos

    • Dan the line that validates empty fields is this:

      if ( strstr($referrer,'mylogin') && $user==null )

      where ‘mylogin’ is your login page slug. For example, http://www.mysite.com/mylogin You’ll need permalinks enabled for this to work. That’s the only thing you need to change in this snippet and you should be good.

  • Dan

    I have this code but it doesn’t work properly. Can you make something out of it?

    $ignore_codes = array(’empty_username’, ’empty_password’);

    if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {

    // Code //

    }

    Thanks!