First, check for get_current_user_id. Then create a log of visits by adding information to a user’s metadata with update_user_meta & get_user_meta. On every page hit that you care about you can run a function to determine rate/limit of usage per user. If they break the rules, you can redirect to a page that doesn’t contain … Read more
This is the correct format for a cookie to expire in one hour (3600 seconds): setcookie(‘rma_member’, true, time() + 3600, COOKIEPATH, COOKIE_DOMAIN); setcookie Expire: The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you’ll most likely set this with the time() function … Read more
After cloning my WordPress database to another server, I cannot log in
I found the solution for using below function: function auto_login() { // make sure user is not logged in and “user” was POST’d $username = isset( $_POST[‘user’] )? $_POST[‘user’] : false; if ( ! is_user_logged_in() && $username ){ // load the user by username $user = get_user_by( ‘login’, $username ); if ( $user ) { … Read more
WordPress is not a platform for SSO, and do not include any API to support such a use case. You can develop a JSON end point to validate users, but the work flow you describe will probably not match it.
Random authentication failures on a load balanced WP setup
According to answer here: All logged in users use resources from wp-admin and plugins, not just admins. The cookies are for keeping track of the logged in user’s authorization to access each resource. If a visitor does not log in, no cookies are set at all by default. Themes or plugins may do so though.
It is a bad API design to return different structure based on “external data” not passed in the request itself. Either construct different API for logged in users and use a different end point for it, or return a “filler” when the user do not have permission to access the data. (and it is always … Read more
OK, figured out my own problem. In case anyone else stumbles across this and has similar issues: The problem was due to incomplete/incorrect implementation of SSL. I had recently moved everything to SSL (and setup both wp-config and .htaccess to force use of https). This created a problem for some links to pages that were … Read more
Part of the problem is you’ve set the priority of your filter to “1” which means it will run first. Since authenticate is going to run on any login (wp-login.php or your front-end login page), you probably need to start with setting it to the default (10). Otherwise, it’s just going to hijack your wp-login.php. … Read more