Skip to content
Read For Learn
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP

how to prevent wordpress admin from logging in via woocommerce my-account page

To achieve this we can prevent admins from being authenticated into the site even with correct login and password unless they are using the WordPress default form instead of the WooCommerce login page.

First, we need to distinguish between one form and the other when processing the login request, to do so we need to add a hidden field to WP’s core login form:

/**
 * Add a hidden field to admin login page to distinguish where request originated
 */
function wpse_398884_add_admin_login_hidden_field() {
    echo '<input type="hidden" name="admin-login-page" value="1" />';
}
add_action( 'login_form', 'wpse_398884_add_admin_login_hidden_field', 10, 0 );

Then we hook to filter inside the wp_authenticate function. First we check if the user was correctly authenticated and then if admin-login-page variable is set. If it is not, that means login was made from WooCommerce form so we return an error with a message for the user.

/**
 * Restrict admin login access only to main WordPress login form
 */
function wpse_398884_restrict_admin_login_location( $user, $username, $password ) {

    if ( $user instanceof WP_User && ! isset( $_POST['admin-login-page'] ) ) {
        if ( array_intersect( (array) $user->roles, [ 'administrator' ] ) ) {
            return new WP_Error( 'admin-error', 'Use admin login page instead.' );
        }
    }

    return $user;
}
add_filter( 'authenticate', 'wpse_398884_restrict_admin_login_location', 40, 3 );

Related Posts:

  1. esc_attr() right way and use
  2. Enforcing password complexity
  3. Adding “Remember Me” in custom login
  4. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  5. How build a custom login/register form with error handling?
  6. How Attackers write script into my php files?
  7. Renaming wp-content folder dynamically
  8. How do I create a WP user outside of WordPress and auto login?
  9. How to redirect users to custom lostpassword page?
  10. Security – Ajax and Nonce use [closed]
  11. Can I write ‘RewriteCond’ using ‘functions.php’?
  12. Is it unsafe to put php in the /wp-content/uploads directory?
  13. WordPress 4 invalid username special charachters issue
  14. Remove “Remember Me” from login form
  15. Sanitize get_query_var() url parameters
  16. When must I use and verify nonce?
  17. Hiding WordPress Plugin Source Code
  18. Is this code malidcous
  19. Change WordPress default registration error text [Error: This username is invalid because it uses illegal characters. Please enter a valid username.]
  20. Admin username and password
  21. Evaluations of two wordpress security plans against php code injection attack
  22. Anyway to output the registration form like the login form with wp_login_form()?
  23. WordPress custom login form using Ajax
  24. Overriding WP login credentials
  25. Wp-login appears White Screen, Error: Cannot modify header information
  26. Detect session/cookie variable in wordpress to prevent access to documents
  27. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  28. SQL Injection blocked by firewall
  29. How to prevent XSS alter custom global javascript object & methods in WordPress
  30. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  31. Cannot execute php files in wp-content
  32. How do I get around “Sorry, this file type is not permitted for security reasons”?
  33. Security: blocking direct access of php files
  34. Correct and safe way to include php content in my page
  35. Password minimum length in personal subscription [closed]
  36. How to add API security keys into JS of wordpress securely
  37. Is it best to avoid using $wpdb for security issues?
  38. Hardening uploads folder in IIS breaks images
  39. Troll the hackers by redirecting them
  40. Security updates to 3.3.2
  41. How to hook a logout funtion for specific usr role in wordpress?
  42. malware undetectable by multiple scans
  43. Shortcode to embed Edit Account form not working
  44. Decoded malware code [closed]
  45. How do I create a function that modifies a message in the wp-login.php file?
  46. One account with multiple logins
  47. Edit Account – read and write to MySQL
  48. Updating From Mobile App – Exposing Site to Hacking
  49. security concerns if using html data-* attribute for l10n?
  50. How to correctly escape an echo
  51. Reject all malicious URL requests functions.php
  52. portfolio site – about this site section – is it safe to post some code
  53. Removing “There is no account with that username or email address.” error message in “/wp-login.php?action=lostpassword”
  54. Custom Login page, redirection and restrictions
  55. echo cutom css code to WordPress page template file ? is this safe?
  56. Billing detail page doesn’t work after I’ve changed the order of the Woocommerce navigation
  57. how can I call a function when time expire
  58. How to secure my php forms
  59. Infinite loop when logging out using custom login form
  60. $.ajax results in 403 forbidden
  61. Site infected by link
  62. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  63. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  64. Query to show average # of months all accounts with specific role have been active
  65. Retrieve $_POST data to send to javascript without using localize script
  66. Previewing/Updating some Pages causes “The requested URL was rejected” Error
  67. What is the best practice for restricting a section to logged in users?
  68. How to quickly/easily make an analysis (reverse engineering) of WordPress?
  69. Redirect users by role to custom pages
  70. How to hide header and footer from page template
  71. How do you create a front end form that enables the editing of member-specific custom fields in WordPress?
  72. what to do after instlling cyberpanel on VPS
  73. using custom pages for myaccount in woocommerce
  74. get taxonomy thumbnail and use it as a variable in code
  75. What are the advantages/disadvantages of using jQuery DOM manipulation as opposed to PHP DOM manipulation?
  76. update_post_meta on multi-dimensional array options
  77. How to hook code to show after the_content?
  78. Why doesn’t add_filter have the option to include a callback for each run?
  79. Issue with php version 7.2 in running search
  80. Sending a custom form data in email through WP Mail Function
  81. Woocommerce Email attachments not working – file not being attached
  82. Counting Search results, and displaying the offset per page
  83. Run a code only on theme activation only during first activation
  84. Best way to use a large array in function
  85. Plugin Generate Unexpected output during activation
  86. WordPress Environment: Dynamic Page using shortcode – how to change the page name for sharing
  87. AJAX button action in foreach
  88. Disable plugin function to use my own
  89. Shortcode from a function not working
  90. Add Codepen animation as Preloader to WordPress
  91. Reason to add a name of the theme like (‘menu-1’ => __( ‘Primary’, ‘twentynineteen’ ),) in PHP?
  92. Exclude posts with specific metadata from search?
  93. Path for php file for inserting data through html form
  94. Normal PHP array for exclude section of WordPress query?
  95. Setting user nickname and displayname to shortened email
  96. Include Parent Term in wp_list_categories
  97. How to make an embeded a Youtube video from custom field text responsive to screen size?
  98. How to create pagination for users list using custom array?
  99. Only allowing some emails to create an account [closed]
  100. Buddypress update user avatar image via REST
Categories PHP Tags account, php, security, wp-login-form
How to Define Multiple List Tables in a Single Submenu
Call to undefined function is_home() or any conditional tags

Recommended Hostings

Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

Recent Added Topics

  • Bug in translation system: load_theme_textdomain() returns true, files are available and accessible but the language defaults to english
  • Custom Elementor controls not appearing in the widget Advanced tab using injection hooks
  • Get the name of the template/*html file used
  • Trying to Add Paging to Single Post Page
  • Sharing media files between live and staging servers
  • How to display the description of a custom post type in the dashboard?
  • Critical error on image display
  • Copying WP data and files into new install?
  • How to determine the DirectAdmin WordPress backup date?
  • How to get list of ALL tables in the database?
© 2026 Read For Learn
  • Database
    • Oracle
    • SQL
  • algorithm
  • asp.net
  • assembly
  • binary
  • c#
  • Git
  • hex
  • HTML
  • iOS
  • language angnostic
  • math
  • matlab
  • Tips & Trick
  • Tools
  • windows
  • C
  • C++
  • Java
  • javascript
  • Python
  • R
  • Java Script
  • jQuery
  • PHP
  • WordPress