Articles of authentication

Need to execute a cron job

I need a cron job to execute the following url The problem is that it requires to be logged in as admin, what are my options? I’ve tried a few plugins but they use hooks instead of just executing a url and the cron jobs provided by the control panel does not log in […]

Set authentication cookies to be shorter but then extend with every page load

I’m trying to get around the otherwise very insecure way of WordPress handling authentication cookies. I mean, having the cookie expire in 2 weeks only if I build a membership site is obviously not ok, but at the same time, making it expire in 15 minutes while the user is logged in would be more […]

Are there ways of logging in that bypass wp-login.php altogether?

I have a WP install that’s been getting hammered the last couple days by brute force login attempts. The site has the Limit Login Attempts plug-in installed. And when I started getting frequent notifications about lockouts, I decided since I only access the wp-login.php file and the wp-admin from one place, to block all IPs […]

WordPress Authentication Middleware

What I want to achieve is: For every request , if the user is not logged he / she will be redirected to the log in page. If the user is logged in then he / she can access the site. class Auth{ protected static $instance = null; public function checkAuth(){ auth_redirect(); } public static […]

add action which returns modified value

I want to modify submited password in wp_logon wp_authenticate action. When authenticating, I want to grab submited password, modify it, and pass back to wp_logon So here is an action do_action_ref_array(‘wp_authenticate’, array(&$credentials[‘user_login’], &$credentials[‘user_password’])); I’m adding my action like this (as @kaiser suggested): add_action(“wp_authenticate”, “myfunctionhere”); function myfunctionhere($credentials) { return $credentials[‘user_password’] = ‘foo’; } The thing is […]

Ajax for non-logged-in users

I’m working on a plugin that captures some data from a non-logged-in user (such as a Like Button) and enters it into the database based on post_id. My plugin works fine for logged-in users but non-logged-in users produces a “-1” response in AJAX. I’m guessing this has to do with an authentication barrier for writing […]

How do I require authorization / login to view a specific set of posts / pages?

I am working on a wordpress site for a client who wants an internal ‘intranet’ for his employees. The basic needs are: Communicate things in-house House important company documents Provide quick access to resources to employees. This info is sensitive and for employees only. They would like each employee to have a user name / […]

current_user_can not always working properly

I have a custom WordPress theme that includes a members only section. In order to implement this, I have the following code at the top of my restricted pages. <?php if ( ! current_user_can (‘view_players_area’) ) { header(‘Location: ‘ . wp_login_url( “http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]” ) ); } ?> Most of the time, this works fine, however every […]

How to get the ID of the currently logged in user?

I want to get the ID of the currently logged in user. I’ve found the function: get_current_user_id which seems to be working, however I’m not sure what ‘current’ means in this context. Meaning if the user views the profile of another user, then will the current user change to become the other user? In short […]

How to leverage authentication outside of WordPress?

I have a situation where I would like to authenticate against the WP_users table from outside of WP. Basically I have username and password fields on a static php page outside of wordpress and need to check user / pass and send back a response (yes / no). Is this possible? Any clues on how […]