Articles of authentication

Custom Login Form – Redirect user to login page if not logged in

I have integrated custom login form as mentioned here and embed this custom login form to a WordPress page, via shortcode [dm_login_form]. After that I have integrated access control plugin here which allows me to redirect user to login page if not logged in. I need to redirect user to my custom login page whenever […]

Reloading page with a query string upon login for admins

After users with specific roles log in, I would like to reload the current page with a query string added (to trigger a message via JavaScript). How can this be improved? function show_hi_admin_message() { global $current_user; get_currentuserinfo(); if ( user_can( $current_user, ‘administrator’ ) ) { ?> <script> $(function() { window.location.replace(window.location.href.split(‘#’)[0] + ‘?message=hiadmin’); }); </script> <?php […]

WP-API and Basic Auth returning 403 on POST but not GET

I am using the latest, WP-API and the recommended Basic Auth, to test adding a post to WP from remote. I have Access Headers opened up on the WP side: header(“Access-Control-Allow-Origin: *”); header(“Access-Control-Allow-Methods: GET, POST, PUT, DELETE”); header(“Access-Control-Allow-Headers: Authorization, Content-Type”); When I submit a Get request to: the call easily authenticates and returns the […]

`authenticate` filter never gets called

I’ve added and network activated a plugin with this code: add_filter(‘authenticate’, ‘my_authenticate’, 1000, 2); function my_authenticate($user, $username){ // We never arrive in this function From a debugger I can see that we hit the add_filter line but we never enter the my_authenticate function. Why’s that? And how do I fix the problem?

What WP-API authentication method should I use to interact with anonymous / not-logged visitors?

I am going to track number of plays of a video in my site by both visitors and users. Whenever the video starts playing I am using JavaScript for the event handling in the frontend and write to wp_options or wp_usermeta to track these interactions. I was going to make an AJAX request to the […]

Where is function to prevents non logged users access wp-admin?

Where is the function, that prevents non logged users, access restricted pages in WordPress? I’ve looked in several files, but not found. I want to modify the way WordPress authenticates to check cookies and also sessions. Someone, help me?

How are readers authenticated for leaving comments?

I’m thinking of creating a WordPress blog, not on but just using WordPress on a hosted website. I would like to allow comments on the blog, but was wondering in what way are commentators authenticated. (I don’t have experience with WordPress.) Are passwords stored in plaintext? Are their hashes stored? Is bcrypt used? Are […]

Where to store credentials used in a function?

This question already has an answer here: Where to securely store API keys and passwords in WordPress? 2 answers

Where is the php file, that does the checks for login information?

I would like to add some additional checks into my wordpress website’s username and password authentication function for specific usernames, but I cannot find the correct php file… /* I would like to do something like this */ if ($username == “testuser_with_no_rights”) { /* … */ } else { /* do everything as it was […]

wp-admin AJAX with Fetch API is done without user

TL;DR – Why is my user account not logged in during an AJAX request which is made inside wp-admin? I have the following setup: <?php add_action(‘wp_ajax_foobar_action’, ‘foobar_action’); add_action(‘wp_ajax_nopriv_foobar_action’, ‘foobar_action’); function foobar_action() { check_ajax_referrer(); wp_send_json((object) [‘msg’ => ‘hello world’]); } add_action(‘admin_print_scripts’, function () { printf(‘<script type=”text/javascript”>window.custom_nonce = “%s”;</script>’, wp_create_nonce()); }); And in JS: var msg = […]