Custom WordPress Login Page Feature Compatibile with PPWP Plugin

In order to protect your website from hackers, bots, or unwanted intruders, you want to hide the default WordPress login page.

While there are a few different ways to hide your login page, using security plugins is the quick and easy one.

These security plugins let you modify a new custom login URL and block all traffic to the default wp-admin and wp-login pages. Hackers, therefore, cannot find and attack your website in the usual way.

However, once the default WordPress login page URL is changed by your security plugins, there could be a conflict with our PPWP plugin. As a result, our password protection might not work properly.

Popular security plugins in potential conflict are listed as follow:

  • WPS Hide Login
  • Easy Hide Login
  • XO Security
  • WP Engine hosting provider – wpe-login=true security feature

Since PPWP Free version 1.4.5.1, you can resolve this conflict easily by enabling our custom form action under Password Protect WordPress >> Misc tab.

For version 1.4.5 and lower, simply add this code to your (child) theme functions.php

add_filter( 'ppwp_ppf_action_url', 'ppwp_get_custom_ppf_action_url', 999, 1 );
/**
 * Replace the default URL to current page.
 *
 * @param string $default_url The default URL.
 *
 * @return mixed
 */
function ppwp_get_custom_ppf_action_url( $default_url ) {
	$callback_value = rawurlencode( apply_filters( PPW_Constants::HOOK_CALLBACK_URL, get_permalink() ) );

	// Get current page.
	return add_query_arg(
		array(
			'action'                           => 'ppw_postpass',
			PPW_Constants::CALL_BACK_URL_PARAM => $callback_value,
		),
		null
	);
}

add_action( 'wp', 'ppwp_handle_ppf_form_submit', 5 );
/**
 * Handle PPWP From Submit.
 */
function ppwp_handle_ppf_form_submit() {
	// Check whether or not WordPress has already sent headers.
	global $wp_did_header;
	if ( ! $wp_did_header || ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' !== $_SERVER['REQUEST_METHOD'] ) ) {
		return;
	}

	// Only allow URL with having action querystring is ppw_postpass.
	if ( ! isset( $_GET['action'] ) || 'ppw_postpass' !== $_GET['action'] ) { // phpcs:ignore
		return;
	}

	if ( ! class_exists( 'PPW_Password_Services' ) || ! array_key_exists( 'post_password', $_POST ) ) { // phpcs:ignore
		return;
	}

	// Get post_id from referer url if Post data is not exist post_id.
	$post_id = ppw_get_post_id_from_request();
	if ( empty( $post_id ) ) {
		return;
	}

        if ( ! isset( $_POST['post_password'] ) ) { // phpcs:ignore
            return;
	}

	$password = wp_unslash( $_POST['post_password'] ); // phpcs:ignore

	$free_services = new PPW_Password_Services();
	$free_services->handle_after_enter_password_in_password_form( $post_id, $password );
}

Check out the list of security plugins working seamlessly with Password Protect WordPress that our team has a chance to test out.

Lasted updated on June 9, 2020