The REST API included in WordPress doesn’t actually have authentication built into it. If you do normal authentication in WordPress by logging in, then your browser will receive a set of cookies. If you send those cookies along with your request, then that will authenticate you to perform the actions in question. If you need … Read more
This is similar to Shawn H’s answer but is more effective for me. I already had registrations disabled, but bots still show up constantly to try anyway. My goal was to completely kill all requests to the registration form to avoid the load on my server (and mess in my logs) caused by bots trying … Read more
You can do it easily by writing a code inside your theme’s functions.php file. here is the code: function is_valid_email_domain($login, $email, $errors ){ $valid_email_domains = array(“gmail.com”,”yahoo.com”);// whitelist email domain lists $valid = false; foreach( $valid_email_domains as $d ){ $d_length = strlen( $d ); $current_email_domain = strtolower( substr( $email, -($d_length), $d_length)); if( $current_email_domain == strtolower($d) ){ … Read more
Do you think this will be safe? Maybe. Two issues. You also need to make sure the key isn’t guessable. No incrementing numbers. You can use something like wp_generate_password to get some psuedo random characters. Use a random “salt” plus the user’s email and sign up time or uniqid and you stand a pretty good … Read more
Another simple way to do this without needing to add another script is using PHP’s str_replace function. $args = array( ‘echo’ => false, ); $form = wp_login_form( $args ); //add the placeholders $form = str_replace(‘name=”log”‘, ‘name=”log” placeholder=”Username”‘, $form); $form = str_replace(‘name=”pwd”‘, ‘name=”pwd” placeholder=”Password”‘, $form); echo $form;
I’ve tried a few different approaches for verifying the user’s email. For now, what I am doing is this: When a user first registers, set the user’s user_metadata ’email_not_verified’ to 1. add_action( ‘user_register’, ‘sc_user_email_not_verified’ ); function sc_user_email_not_verified( $user_id ) { update_user_meta( $user_id, ’email_not_verified’, 1 ); } Then, override the wp_new_user_notification function so that it adds … Read more
You’re looking in the wrong place. When a user first attempts to register, their username and email is processed and sanitized inside the register_new_user() function in wp-login.php. This is where you want to do your filtering. Before the user is created, WordPress will pass the sanitized user login, email address, and an array or errors … Read more
After much research, I finally turned to examining the WordPress core file wp_login.php hoping that WP would show how they do it in a non-obtuse manner. From the information around line 331 (WP 4.6.1), I put together the following code. <?php global $gw_activate_template; extract( $gw_activate_template->result ); $url = is_multisite() ? get_blogaddress_by_id( (int) $blog_id ) : … Read more
Use the plugin WordPress Social Login: http://wordpress.org/extend/plugins/wordpress-social-login/ Does exactly what you want except the user doesn’t actually have to type in their username and password if they are already logged in to Google Apps – they just click the Google icon and it will log them in to WordPress using Google Apps. And yes, you … Read more
The nicename is (usually) just a sanitized version of the username. It’s suppose to be ‘nice’ in the sense that it is the ‘nicename’ that is used as a slug, for example: www.yoursite.com/author/my-nice-name/ will take you to the archive of the author with nicename ‘my-nice-name’. The documentation simply describes it as A string that contains … Read more