Secure Pages Best Practice

I am in process of writing a plugin that has front-end shortcodes that display a user’s information/data. If the user is not logged in, I need to redirect to a front-end login page/form. What would be the best practice here? My plugin creates the pages that I use as well as add the shortcodes to those pages. So, if there is a way to “protect” those pages I would love to know.

Related posts

2 comments

  1. Not sure about the best practices, but I have a few custom login-sensitive pages which simply display a message if user is not logged and is trying to view the page directly:

    $logged_in = is_user_logged_in();
    
    if($logged_in) {
    ?>
    <article id="post">
            <?php the_content(); ?>
    </article>
    <?php
    } else {
        _e('You are not logged in. Please ', 'abc');
        echo '<a href="' . site_url( 'login' ) . '">'. __('log in','abc') .'</a> ' . __('or','abc') . ' ';
        echo '<a href="' . site_url( 'register' ) . '">'. __('register','abc') .'</a>.';
    }
    

    Note: both the login and register pages are custom pages as well.

  2. You can’t redirect users from a shortcode. Shortcodes run too late– well after content has been sent. But given that your plugin is creating the Pages you should be able to do this:

    function protect_plugin_page_wpse_101230() {
      if(is_page('page-slug') && !is_user_logged_in()) {
        wp_safe_redirect('your-login-page-url');
      }
    }
    add_action('template_redirect','protect_plugin_page_wpse_101230');
    

Comments are closed.