Secure Pages Best Practice

1 Views

I am in process of writing a plugin that has front-end shortcodes that display a user’s information/data. If the user is not logged in, I need to redirect to a front-end login page/form. What would be the best practice here? My plugin creates the pages that I use as well as add the shortcodes to those pages. So, if there is a way to “protect” those pages I would love to know.

Post Views: 1

Related posts

2 comments

  1. Not sure about the best practices, but I have a few custom login-sensitive pages which simply display a message if user is not logged and is trying to view the page directly:

    $logged_in = is_user_logged_in();

if($logged_in) {
?>
<article id="post">
        <?php the_content(); ?>
</article>
<?php
} else {
    _e('You are not logged in. Please ', 'abc');
    echo '<a href="' . site_url( 'login' ) . '">'. __('log in','abc') .'</a> ' . __('or','abc') . ' ';
    echo '<a href="' . site_url( 'register' ) . '">'. __('register','abc') .'</a>.';
}

    Note: both the login and register pages are custom pages as well.

  2. You can’t redirect users from a shortcode. Shortcodes run too late– well after content has been sent. But given that your plugin is creating the Pages you should be able to do this:

    function protect_plugin_page_wpse_101230() {
  if(is_page('page-slug') && !is_user_logged_in()) {
    wp_safe_redirect('your-login-page-url');
  }
}
add_action('template_redirect','protect_plugin_page_wpse_101230');

Comments are closed.