According to answer here: All logged in users use resources from wp-admin and plugins, not just admins. The cookies are for keeping track of the logged in user’s authorization to access each resource. If a visitor does not log in, no cookies are set at all by default. Themes or plugins may do so though.
It is a bad API design to return different structure based on “external data” not passed in the request itself. Either construct different API for logged in users and use a different end point for it, or return a “filler” when the user do not have permission to access the data. (and it is always … Read more
OK, figured out my own problem. In case anyone else stumbles across this and has similar issues: The problem was due to incomplete/incorrect implementation of SSL. I had recently moved everything to SSL (and setup both wp-config and .htaccess to force use of https). This created a problem for some links to pages that were … Read more
Part of the problem is you’ve set the priority of your filter to “1” which means it will run first. Since authenticate is going to run on any login (wp-login.php or your front-end login page), you probably need to start with setting it to the default (10). Otherwise, it’s just going to hijack your wp-login.php. … Read more
After reading more, thanks to Jacob’s link and more googling, it turns out that wordpress “nonces” aren’t actually nonces. Nonces are to be used once, but wordpress “nonces” are allowed to be used an unlimited number of times for 2 “ticks”, which normally means between 12 and 24 hours. These wordpress “nonces” are actually tied … Read more
Considering your code to be working, simply put it in a plugin. It should then work!
You need to debug the main issue first wp-config.php define(‘WP_DEBUG’, true); define(‘WP_DEBUG_LOG’, true); define(‘WP_DEBUG_DISPLAY’, false); functions.php // define the wp_mail_failed callback function action_wp_mail_failed($wp_error) { return error_log(print_r($wp_error, true)); } // add the action add_action(‘wp_mail_failed’, ‘action_wp_mail_failed’, 10, 1); For more detail read this article LINK
After upgrading to WP 5.1.1 sometimes I need to reauth infinitively
Extend Cookie with auth_cookie_expiration not working
You can set up your server to protect a directory of your choice and allow access only to the user running apache/nginx/etc. You would have to write something to verify the user’s credentials and then deliver the file or redirect to the proper url. It’s not difficult, but I don’t know of a solution that … Read more