Registration on my site is disabled and the only way to comment is via social login. But logged people can see the admin bar and access the pages (URLs) /wp-admin and /wp-login / and /wp-admin/profile.php
Is there a configuration on WPDiscuz, or a code (snippet), to prevent such access?
I don’t want users to ever see the WordPress back-end (!)
Hi @doctorbr,
This artilce should be helpful for you: https://blog.hubspot.com/website/how-to-limit-wordpress-dashboard-access
Hello, @Asti
I added 2 snippets (codes below).
add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
show_admin_bar(false);
}
}
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) && ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_safe_redirect( home_url() );
exit;
}
}
But users logged in by wpDiscuz via social login can still access the /wp-login.php page and this generates a lot of confusion, as the username collected by wpDiscuz appears as a user name in the “User Name” field of the default WordPress form (page /wp-login.php).
Is there an effective way to change URL /wp-login.php via wpDiscuz?
Sure if you have a login page you can isnert the URL in the Dashboard > wpDiscuz > Settings > User Authorization and Profile Data tab.
More info here: https://wpdiscuz.com/community/f-a-q/change-login-url/
