I use a .htaccess basic auth on my WC site to help prevent hackers accessing wp-login, which works well... except with WooCommerce if a logged in customer wants to logout from their account - upon clicking the logout link - they are greeted by the Basic Auth popup asking them to "authorise" (generated by our .htaccess). On Woocommerce dashboard: Hello MrTest (not MrTest ? Log out) << clicking on "Log out" brings up the Basic Auth login box.... how can …
I want to disable the default email that is send when user is registered. I am using this plugin for email verification User Verification By PickPlugins, which sends an email with confirmation link, but the problem is that by default and WordPress send an email via pluggable.php: function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ){...} I am using a theme (which I am extending with a child theme), which calls wp_create_user. I have replaced that parent theme function …
WordPress 5.9 Users trying to access the homepage when the session expires, are sent to re-authenticate. The behavior seems weird since it only applies to the homepage. Users with expired sessions can access all other pages without being asked to re-authenticate. Why is the behavior inconsistent, and how can users with expired sessions not be redirected to re-authenticate?
I need to keep in sync the username and the email of my users. I don't know if there is a better way so I have tried running this code right after the user updates his profile data: global $wpdb; $wpdb->update( $wpdb->users, array('user_login' => $email), array('ID' => $user->ID) ); but this way the auth cookie becomes invalid and the user is logged out. I have also tried forcing the creation of the auth cookie right after the update, like this: …
i want to get authentication to my website like to be the page with name and password as a file reference to log in as visitor with detected authorization to each person want to visit the website how i can set up the file user to check in and how can give authorization to each one can access .
I am trying to request page content, but the raw page content, calling this route: "/wp-json/wp/v2/pages/" + id + "?context=edit" In response to this I get: code: "rest_forbidden_context" data: {status: 401} message: "Sorry, you are not allowed to edit this post." Makes sense, guessing I just can't get the edit content unathenticated. However, it is unclear to me how I can retrieve the raw content of a post/page from the API. Potential Solutions I am struggling to find: Is there …
I am having problems authenticating a user after logging in using a custom endpoint using the WordPress REST API. I'm aware that this is not the perfect approach but I am just trying to make a few custom routes so that I can prototype a mobile app. I have searched countless forums and I have looked at a number of other answers but I can't seem to find out what the problem is in my code. Code to create a …
I'm building a custom login page for clients and wish to keep the wp-login page for site administrators. For checking for empty fields I'm using the code: function verify_user_pass($user, $username, $password) { $login_page = home_url('/login/'); if($username == "" || $password == "") { wp_redirect($login_page . "?login=empty"); exit; } } add_filter('authenticate', 'verify_user_pass', 1, 3); But this is interfering with the wp-login, as it checks to early and redirects to the "client login page" right after landing on the wp-login page. Is …
I have a Plugin similiar to woocommerce which is providing me an REST API Endpoint for getting some user specific data. When I try to access the API via Postman, i get an 401 - Not Authorized Error. Of course, i have to authenticate my user to the api but how? I found this (and many similar) posts to this topic: How to: Make JWT-authenticated requests to the Wordpress API But all these examples seems to be for remote applications. …
Background I am trying to write Rest API code to get the ID of the user who triggers the function in question. I found a fantastic answer to this exact question, that was very kindly provided by user leymaxx: https://wordpress.stackexchange.com/a/329992/220571 Problem and Theories of Cause However, when I test this code (by sending a Get request to my endpoint, using Postman), it always returns 0 when I call get_current_user_id(). I cannot figure out why it is doing this, but I …
I'm maintaining a WordPress site on GoDaddy for a client and they started to get the "this link has expired error" when they saved a post. It does not happen when I upload a file. However, I am getting an "http error" error when I try and upload a file. I've done some research, everyone who experiences this error seems to find a solution with updating the php config files to allow larger uploads, longer input times and so forth. …
I have tried numerous ways to prevent the browser's back button from allowing someone from using it to go back into a visitors logged out profile. The codes I used were supposed to prevent the browser from caching data from the last page visited after logout. They don't work. Wordpress logs the visitor out once they click the logged out button, yes this portion wors. Unfortunately, you can see the last page visited by the person who was logged on. …
I have a wordpress site (lets call it site1) and another site with oauth2 (site2). When a new user is created, a record is created in both site1 and site2 databases with the same email as username, the typed password hashed in site2 database and a dummy (e.g. "pass") password for site1 database. Then login action authenticates with site2 database using a RESTfull API. If authentication is successful, I want to programmatically log the user in to site1 (wordpress), if …
I am trying to add a user to a blog of writings by or about my late father. One of the articles is by my niece, but I cannot add her as a user. The admin form only has one field for password, but when I click "Add new user," I get "Error: Passwords don’t match. Please enter the same password in both password fields." Unfortunately, the form only has one password field! Another QA says "Current versions of WP …
I am writing a custom component in C# that connects to WordPress database at backend. I am trying to authenticate users via Mysql select query but the hash is not matching. I have tried the answers mentioned here but no luck. Can anyone help me with a C# implementation for generating correct hashed passwords as WordPress does. I am using latest version of WordPress
I have a sub-domain which I'm trying to restrict to authenticated Wordpress users but the authentication isn't working. I've tried the following code: global $current_user; wp_get_current_user(); if ( is_user_logged_in() ) { echo 'Username: ' . $current_user->user_login . "\n"; echo 'User display name: ' . $current_user->display_name . "\n"; } else { wp_loginout(); } This works if I use the URL domain.com/intranet/page.php but not on intranet.domain.com/page.php How can I get it to work for subdomains? I've tried adding the following to wp-config.php …
I'm using WordPress REST API (Version 2), and I want to authenticate Android native app with my self-hosted WordPress site. How can I perform that using username and password ?
I'm trying to build an application using ReactJS and Wordpress Rest Api. I'm using JWT Auth Plugin and it works great but if I try to create a new user without being logged I get this error below: { "success": false, "statusCode": 403, "code": "jwt_auth_no_auth_header", "message": "Authorization header not found.", "data": [] } I understand that I need a token to make POST requests but if it's a new user that is trying to register on my application, how can …
I have a use-case where I have a WordPress site and an ASP .NET Core as a Restful API backend. I use the WordPress site entire for Frontend, CMS, and User Authentication. On certain pages of my WordPress site, I've embedded React apps into it. The React app does some API calling to my ASP .NET Core server. Now, I would like to know what is the best way to verify which signed-in WordPress user requested the API in ASP …