Redirect Failed Login Attempts To Any Location In WordPress

Adding the following code snippet into the functions.php of your wordpress theme will allow you to redirect failed login attempts to any location.

/* Adding this snippet to the functions.php or your wordpress theme will allow you to redirect failed login attempts to any location. */

add_action( 'wp_login_failed', 'dcg_redirect_failed_login' ); 

function dcg_redirect_failed_login( $username ) {
    $referrer = $_SERVER['HTTP_REFERER'];
    if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
        wp_redirect( $referrer . '?login=failed' ); 
        exit;
    }
}

• View above code on Github Gist →

2 thoughts on “Redirect failed login attempts to any location in WordPress”

Howdy. Wouldn’t it be better to use a native WordPress function like wp_get_referer() instead of $_SERVER[‘HTTP_REFERRER’]? Also, $referrer should probably be sanitized there with esc_url_raw() or something like that, and/or use wp_safe_redirect() instead – just to be sure $referrer wasn’t spoofed.

Dipak C. Gajjar

September 10, 2015 at 3:18 am

Greg, Totally agree with you. Thanks for suggestions. ?

Comments are closed.

2 thoughts on “Redirect failed login attempts to any location in WordPress”

Let's discuss your project

Popular Services & Plugins

Partners