1 comment

  1. You have in many ways already answered your question: the technique described in the article is not going to be reliable. What you might not have worked out is “why”.

    The code uses relative URLS…

    <form name="loginform" id="loginform" action="/wp-login.php" method="post">

    … which are nearly always unreliable in WordPress context. That won’t work if the site is installed in a directory so that the login url is at www.example.com/directory/wp-login.php.

    Second, the code uses wp-login.php as the form action (not site_url('wp-login.php'), please note, or even wp_login_url() which would be correct), meaning that when you submit the form you go to the old login page for processing. If something goes wrong, that page is where you end up.

    Third, the site_url regex hack will only work if you use site_url or functions that use site_url. It won’t work if a plugin or theme does not use those functions, nor will it work if someone ( as I usually do ) just types wp-login.php into the address bar.

    Fourth, regexing site_url is not the way to go. You are running regex every time that function is used. How many times is that going to used for a login link? Less than 1%? Very wasteful.

    A better hook would be login_url, which is made for this circumstance.

    Basically, this is a very superficial login page hack, not a “WordPress Login page complete redesign”. There are better ways to customize your login page, the most straightforward being to use the actions and filters on the login page itself. If you choose to use a completely different page that wp-login.php you will need to duplicate most of the default functionality as that page has both functions and raw HTML and isn’t easily included in other pages without making a mess.

Comments are closed.