Prevent access to wp-login.php and wp-admin

Good-Bids · Dec 12, 2023 · b6ec436 · b6ec436
1 parent a13ea79
commit b6ec436
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/client-mu-plugins/goodbids/src/classes/plugins/WooCommerce.php b/client-mu-plugins/goodbids/src/classes/plugins/WooCommerce.php
@@ -36,6 +36,7 @@ public function __construct() {
 		$this->add_auth_page_setting();
 		$this->display_post_states();
 		$this->authentication_redirect();
+		$this->prevent_wp_login_access();
 	}
 
 	/**
@@ -233,4 +234,41 @@ function () : void {
 			}
 		);
 	}
+
+	/**
+	 * Prevent access to WP Login page unless user can manage options.
+	 *
+	 * @since 1.0.0
+	 *
+	 * @return void
+	 */
+	private function prevent_wp_login_access() : void {
+		add_action(
+			'login_head',
+			function () {
+				$request = ! empty( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( $_SERVER['REQUEST_URI'] ) : '';
+
+				// Check if the current URL contains /wp-admin or /wp-login.php
+				if ( ! str_contains( $request, '/wp-admin' ) && ! str_contains( $request, '/wp-login.php' ) ) {
+					return;
+				}
+
+				// Allow logged-in users with manage_options permissions.
+				if ( is_user_logged_in() && current_user_can( 'manage_options' ) ) {
+					return;
+				}
+
+				$auth_page_url = wc_get_page_permalink( 'authentication' );
+
+				if ( ! $auth_page_url ) {
+					return;
+				}
+
+				// Redirect to custom Auth page.
+				wp_safe_redirect( $auth_page_url );
+				exit;
+			},
+			2
+		);
+	}
 }