Issue Description
If on a WordPress install you wish to hijack any attempts to access /wp-admin/ to login (note this doesn’t work for wp-login.php)
How to Fix the Issue
This code is lifted from Wardhadaway, they used a custom login screen associated with the employee portal.
Two bits of code necessary – one is to redirect, the other is to redirect after a failed login.
Fixed Code Snippets
add_action('wp_login_failed', 'my_front_end_login_fail');
//If username or password is incorrect this fires to redirect user to custom login screen, hiding wordpress backend.
function my_front_end_login_fail($username){
// Get the reffering page, where did the post submission come from?
$referrer = $_SERVER['HTTP_REFERER'];
$custURL = '';
// if there's a valid referrer, and it's not the default log-in screen
if(!empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin')){
// let's append some information (login=failed) to the URL for the theme to use
wp_redirect('/login?login=failed');
exit;
}
}
//login url fix
add_filter('login_url','fix_login_url');
function fix_login_url($link){
return str_replace(site_url('wp-login.php', 'login'),site_url('login', 'login'),$link);
}