How to Redirect WordPress Failed Logins

15
May

This code snippet demonstrates how to redirect a user back to a desired page after any WordPress failed logins.

Adding a log-in form to the front end of WordPress is pretty easy. WordPress 3.0 gave us the flexible wp_login_form() function, which displays a log-in form that can be customized with a number of arguments. By default, it will redirect the user back to the current page upon successful authentication, but we can also customize the redirect location.

How to Redirect WordPress Failed Logins

How to Redirect WordPress Failed Logins

Redirect WordPress Failed Logins back to homepage

If you wish to redirect the user back to your blog homepage use the below code

1
2
// will redirect back to the blog's home page
wp_login_form(array('redirect'=> site_url())); 
// will redirect back to the blog's home page
wp_login_form(array('redirect'=> site_url())); 

Redirect WordPress Failed Logins to custom location

There’s just one problem with the above code; it will only redirect upon successful authentication! If your idea was to hide the default WordPress log-in screen, then sending users who fail at a log-in attempt back to the default log-in screen probably isn’t ideal. Here’s a hook and some code that you can put in your functions.php file that will redirect failed logins to any location of your choosing.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
// hook failed login
add_action('wp_login_failed', 'my_front_end_login_fail'); 
 
function my_front_end_login_fail($username){
    // Get the reffering page, where did the post submission come from?
    $referrer = $_SERVER['HTTP_REFERER'];
 
    // if there's a valid referrer, and it's not the default log-in screen
    if(!empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin')){
        // let's append some information (login=failed) to the URL for the theme to use
        wp_redirect($referrer . '?login=failed'); 
    exit;
    }
}
// hook failed login
add_action('wp_login_failed', 'my_front_end_login_fail'); 

function my_front_end_login_fail($username){
    // Get the reffering page, where did the post submission come from?
    $referrer = $_SERVER['HTTP_REFERER'];

    // if there's a valid referrer, and it's not the default log-in screen
    if(!empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin')){
        // let's append some information (login=failed) to the URL for the theme to use
        wp_redirect($referrer . '?login=failed'); 
    exit;
    }
}
Be sure to check out our other great WordPress Code Snippets and WordPress Articles.
Enjoy this article? If so, we would love to hear your thoughts in the comments below

 

Related Blog Posts

10 Responses to How to Redirect WordPress Failed Logins

  1. David Portela

    I modified this slightly so that you don’t end up making the addition of ‘?login=failed’ useless if the users try to login repeatedly. As it is above, if a user fails to log in and then tries again with bad data, he is then returned to $referrer . ‘?login=failed’, which means the URL will look something like http://www.foo.com/?login=failed?login=failed, and since you’ve declared the variable twice in the URL, any if statements you used to get the variable from $_GET won’t work any more.

    A simple modification fixes the issue:

    add_action( ‘wp_login_failed’, ‘my_front_end_login_fail’ ); // hook failed login

    function my_front_end_login_fail( $username ) {
    $referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from?
    // if there’s a valid referrer, and it’s not the default log-in screen
    if ( !empty($referrer) && !strstr($referrer,’wp-login’) && !strstr($referrer,’wp-admin’) ) {
    if ( !strstr($referrer,’?login=failed’) ) { // make sure we don’t append twice
    wp_redirect( $referrer . ‘?login=failed’ ); // let’s append some information (login=failed) to the URL for the theme to use
    } else {
    wp_redirect( $referrer );
    }
    exit;
    }
    }

    Thanks for writing this code though, it helped me a lot in a project I just finished! Cheers!

    Reply
  2. how about when the fields are null? BTW: thanks for this code :)

    Reply
  3. Hi,
    I’m a total novice.
    Really useful code, thanks, but could anyone tell me how to make it work for empty fields?

    Thanks

    Reply
  4. this code redirects if the inputs are empty:

    add_action( ‘authenticate’, ‘my_custom_function’);

    function my_custom_function(){
    $referrer = $_SERVER['HTTP_REFERER'];
    if ( strstr($referrer,’login1′) && $user==null ) { // login1 is the name of the loginpage.
    wp_redirect( $referrer . ‘?login=leer’ );

    }
    }

    Reply
  5. Hello guys, thank you for the tip.

    But i don’t know where to copy/paste your code ?

    I put it in wp-includes/functions.php and it does not work and try to put it in my theme directory/functions.php but does not work too…

    I am running wordpress 3.4.1

    Thank you for your help :)

    Reply
    • Any extra code that you add to WordPress goes into the “functions.php” located inside your current theme directory.
      The functions file belongs in here: “wp-content/themes/your-current-theme/functions.php”.

      In no way should you modify the core WordPress files.

      Try deleting the code from where you have added it and add it the the functions.php instructed above.

      Broady

      Reply
  6. It is better to use add_query_arg() to build URL with arguments.
    More in Codex: http://codex.wordpress.org/Function_Reference/add_query_arg
    That way you can remove condition:
    if ( !strstr( $referrer, ‘?login=failed’ ) ) {…}
    For ex:
    wp_redirect( add_query_arg( array( ‘login’ => ‘failed’ ), $referrer ) ); // let’s append some information (login=failed) to the URL for the theme to use

    Reply

Leave a Reply