disable wp-admin to wp-login canonical redirect (wordpress)

Poofy picture Poofy · Feb 23, 2017 · Viewed 8.2k times · Source

I am building a website, with wordpress+buddypress (latest version).

In this website, I have my own custom login|signup|resetpass forms, and I do not want to link them to back-end wp-forms.

I have blocked the back-end forms for all users (default wp-login|signup|resetpass forms)(with a 404 header code)

So if you try to reach wp-admin/wp-login you will see the 404.

I do not want to use any kind of redirection I want to stop the redirection on a special URL, as to Stop the redirection from that URL to any other URLs I want to stop redirection from /wp-admin to /wp-login.php?redirect_to=http%3A%2F%2Fsite.com%2Fwp-admin%2F&reauth=1

When you try to reach www.example.com/wp-admin and you are not logged in, you will automatically get redirected to:

example.com/wp-login.php?redirect_to=http%3A%2F%2Fsite.com%2Fwp-admin%2F&reauth=1

you will get redirected... the URL will change automatically this is the default action of wordpress.

I want to stop that automatic redirection.

When you try to reach /wp-admin, you have to stay at /wp-admin (you should not get a redirect to wp-login).

Please see these 2 pictures for full details:

Picture 1:

example.com/wp-admin

Picture 2:

you see the url changed automatically

* NOTE:

The 404 is something I made to happen..., it's not an error.

I've tested so many codes, to stop it. but none worked for me.

Code number 1:

remove_action('template_redirect', 'redirect_canonical');

Code number 2:

remove_filter('template_redirect', 'redirect_canonical');

Code number 3:

add_action(
    'init',
    function () {
        remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
    }
);

Code number 4:

function custom_wp_redirect_admin_locations() {
    global $wp_rewrite;
    if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) )
        return;
    $admins = array(
        home_url( 'wp-admin', 'relative' ),
    );
    if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins ) ) {
        $wp_query->set_404();
        get_template_part( 404 ); 
        exit();
    }
    $logins = array(
        home_url( 'wp-login.php', 'relative' )
    );
    if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) {
        $wp_query->set_404();
        get_template_part( 404 ); 
        exit();
    }
}

function remove_default_login_redirect() {
    remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
    add_action( 'template_redirect', 'custom_wp_redirect_admin_locations', 1000
    );
}
add_action('init','remove_default_login_redirect');

Code number 5 :

add_action(
    'template_redirect',
    function () {
        $requ = untrailingslashit($_SERVER['REQUEST_URI']);
        if (site_url('wp-admin', 'relative') ===
        untrailingslashit($_SERVER['REQUEST_URI'])) {
            remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
        }
    }
);

Code number 6:

function custom_wp_redirect_admin_locations() {
    global $wp_rewrite;
    if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) )
        return;

    $requested_url = untrailingslashit( $_SERVER['REQUEST_URI'] );

    $admins = array(
        home_url( 'wp-admin', 'relative' ),
        home_url( 'dashboard', 'relative' ),
        home_url( 'admin', 'relative' ),
        site_url( 'dashboard', 'relative' ),
        site_url( 'admin', 'relative' ),
    );
    if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins ) ) {
        redirect_canonical( $requested_url , false );
        exit;
    }

    $logins = array(
        home_url( 'wp-login.php', 'relative' )
    );
    if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) {
        redirect_canonical( $requested_url , false );
        exit;
    }
}

function remove_default_login_redirect() {
    remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
    add_action( 'template_redirect', 'custom_wp_redirect_admin_locations', 
    1000);
}

add_action('init','remove_default_login_redirect');

Whatever I used doesn't seem to be doing the thing I want. How can I do it?


EDIT : Clarify the context, which is not a duplicate.

The link is said as duplicate clearly saying that he wants his wp-login pages to get redirect to his own login/registration pages.

But I clearly said "Please read the first 16 lines". which means that I do not try/want to redirect + I do not try/want to restrict using any kind of redirection

Plus: I've read all of these articles before posting this. But none of them were the thing that I wanted. So I started a new topic , with full detail.

FYI, I have read 7 more articles (which I picked the codes from them):

But I need at least 10reputations to post more than 2 links! So I cannot say more than 2.

  1. the second article
  2. the third article
  3. the fifth article

I am grateful for your time and attention, but please read my question one more time with more attention.

Answer

Tomasz Struczyński picture Tomasz Struczyński · Feb 27, 2017

First - explanation.

Wordpress is kind of tricky, when it comes to admin pages. Essentially, when admin page is being loaded, wp-admin/admin.php is being included. Inside this file there is a call to a function called auth_redirect() It checks, if user is logged in, and if not - redirects him to a login page.

As this function is not a typical action/filter, it is kind of hard to disable it. Fortunately, it calls several hooks on its own. One of them, auth_redirect_scheme, is called just before real redirection happens. It is meant to prepare a 'scheme' (http/https) for redirection, but we can exploit it to suit your goals.

I added a filter hook for auth_redirect_scheme, with priority 9999 (it does not really matter, but I wanted it to run late, just in case). I then took a piece of code from original auth_redirect() used to check, if user is logged in (wp_validate_auth_cookie). If he is, we just return value, as nothing has to be done. If the user is not logged in, though, we show an error page and exit the script (to prevent redirect of happening).

Also, just in case I disabled wp_redirect_admin_locations filter. I'm not really sure, if this is needed, but...

And now - the code. Mind, this might not be the perfect solution and will require some improvements from your part.

<?php
/**
 * @packageStop_Redirect
 */
/*
Plugin Name: Stop redirect
Plugin URI: 
Description: Stop redirecting anything to wp-login
Author: Tomasz Struczyński
Version: 0.1
Author URI: 
*/

add_action('init', 'remove_default_redirect');
add_filter('auth_redirect_scheme', 'stop_redirect', 9999);

function stop_redirect($scheme)
{
    if ( $user_id = wp_validate_auth_cookie( '',  $scheme) ) {
        return $scheme;
    }

    global $wp_query;
    $wp_query->set_404();
    get_template_part( 404 );
    exit();
}

function remove_default_redirect()
{
    remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
}