Custom login redirects to wp-admin on wrong password

3 comments

1. While coding a custom login page, one needs to take care of the errors, else WordPress would redirect the page to /wp-admin or wp-login.php on wrong passwords or empty credentials. Please follow the below to solve this issue:–

   Please use the below in your theme’s functions.php file:-

   /**
    * Function Name: front_end_login_fail.
    * Description: This redirects the failed login to the custom login page instead of default login page with a modified url
   **/
   add_action( 'wp_login_failed', 'front_end_login_fail' );
   function front_end_login_fail( $username ) {
   
   // Getting URL of the login page
   $referrer = $_SERVER['HTTP_REFERER'];    
   // if there's a valid referrer, and it's not the default log-in screen
   if( !empty( $referrer ) && !strstr( $referrer,'wp-login' ) && !strstr( $referrer,'wp-admin' ) ) {
       wp_redirect( get_permalink( LOGIN_PAGE_ID ) . "?login=failed" ); 
       exit;
   }
   
   }
   
   /**
    * Function Name: check_username_password.
    * Description: This redirects to the custom login page if user name or password is   empty with a modified url
   **/
   add_action( 'authenticate', 'check_username_password', 1, 3);
   function check_username_password( $login, $username, $password ) {
   
   // Getting URL of the login page
   $referrer = $_SERVER['HTTP_REFERER'];
   
   // if there's a valid referrer, and it's not the default log-in screen
   if( !empty( $referrer ) && !strstr( $referrer,'wp-login' ) && !strstr( $referrer,'wp-admin' ) ) { 
       if( $username == "" || $password == "" ){
           wp_redirect( get_permalink( LOGIN_PAGE_ID ) . "?login=empty" );
           exit;
       }
   }
   
   }
   // Replace my constant 'LOGIN_PAGE_ID' with your custom login page id.
   

   and the below in the custom login page file to show the corresponding errors:–

   <div class="wp_login_error">
       <?php if( isset( $_GET['login'] ) && $_GET['login'] == 'failed' ) { ?>
           <p>The password you entered is incorrect, Please try again.</p>
       <?php } 
       else if( isset( $_GET['login'] ) && $_GET['login'] == 'empty' ) { ?>
           <p>Please enter both username and password.</p>
       <?php } ?>
   </div>          
   

2. Did you tried echoing the

   site_url($_SERVER['REQUEST_URI'] );
   

   this one works fine, I’ve used it succesfuly

   'redirect' => get_permalink()
   

   Update
   For redirect on login failure, you gotta use wp_login_failed hook, and some custom code to redirect user to desires page with proper warning message.

   add_action('wp_login_failed', '_login_failed_redirect');
   
   function _login_failed_redirect( $username ){
   
     //get your page by slug and then its permalink
     $post = get_page_by_path('slug');
   
     //Or you can get your page ID, if you are assigning a custom template to a page.
     $redirect_page = !empty ( $post ) ? get_permalink ( $post->ID ) : site_url();
   
     $user = get_user_by('login', $username );
   
     if(!$user){
       //Username incorrect
       wp_redirect($redirect_page .'?login_error=1');
   
     }else{
      //Username Password combination incoorect
       wp_redirect($redirect_page .'?login_error=2');
     }
   
   }
   

   And if you are redirecting to some template, you can easily get login_error and display it accordingly.

3. Thank you to Maruti for your comment, it’s really helped me with the exact same issue!

   Where he has written:
   “and the below in the custom login page file to show the corresponding errors…”
   does somebody know where I can find the login page file? I have a feeling this is a silly question, but I’ve looked everywhere I can think of, and can’t find where to add the div error code?

   Thanks for any response!

Comments are closed.