I’ve discovered the following stuff. This kind of login is called internally Interim. It works thanks to the continuous polling offered by the Heartbeat API. The prefix of the expired session functionality is wp-auth-check and the important bit for me was a little script at /wp-includes/js/wp-auth-check.js. When the auth check request is sent to the … Read more
There are 5 options 1) Ask The Client You haven’t been given what you need to do your work, so you should request it rather than hacking in to the clients site. This would be the Professional and ethical thing to do 2) Reset Password link Using the standard password reset link should do the … Read more
Failing to authenticate should do the trick for all the kinds of possible authentication – login form, xmlrpc, ajax, whatever Edit: actually realized there is a way to save sending the user related query to the DB function wpse208677_authenticate($user,$username,$pass) { remove_filter(‘authenticate’,’wp_authenticate_username_password’,20,3); return null; // if you want to whitelist your ip check for it and … Read more
A long time since I last did this on a site, but this is the gist. You want to hook into wp_authenticate_user which will fire after WP has tried to authenticate the user but before logging the user in. You’ll receive either a WP_User object or a WP_Error object and you should return either a … Read more
You can add an extra help message box, on the reset password screen: with the following: /** * Display an extra help message box on the ‘reset password’ screen * * @link http://wordpress.stackexchange.com/a/204429/26350 */ add_action( ‘validate_password_reset’, function( $errors ) { add_action( ‘login_message’, function( $message ) { // Modify this help message box to your needs: … Read more
Are you formatting the mysql2date() input string as ‘Y-m-d H:i:s’, as specified in the Codex? Also, why not use this same format as $date_format? EDIT: What output do you get for $last_login? The second argument in human_time_diff() is optional. Why not just omit it? That way, if you get valid output from $last_login, you should … Read more
I figured this one out finally. It turns out that the data in the wp_usermeta table for user_id=1 (admin) was corrupted. This was apparently causing the SSL redirect issue when trying to login to any domains. Once I restored the proper data for user_id=1 into wp_usermeta, everything worked fine. I would much rather have WordPress … Read more
If you are using a newer version of WordPress, you’ll see that you can’t both edit the same page/post because it will show that as locked (you can take over though). I agree that a separate admin account would be good. WordPress is designed to support many users logged in and active. The only issue … Read more
4.0 made a change to the structure of the authentication cookie and added a “token” feild to it. I assume that you were logged out because your older style cookie didn’t match the new format.
Wrangled up some things to check: @otto via comment on this post Look at the login page’s HTML source. Is there anything at all before the initial DOCTYPE line? Even a blank line? If so, then you have some piece of code creating output before the headers are made, in which case this prevents it … Read more