0

I have one WordPress website. When someone logs in and saves the cookies on their local system, they are afterwards able to access it without logging in by typing the URL directly.

Does anyone have an idea how to solve this?

1 Answer

0

You could set an array of allowed referrer URLs. If our request isn't coming from one of these referrers, then we redirect the user.

<?php
add_action( 'wp', function() {
  // Skip the admin area, the blog index and the front page (home_url() is the redirect target below).
  if ( ! is_admin() && ! is_home() && ! is_front_page() ) {
    $base = [ // ... allowed referrers
      'https://github.com/', // ... referrer 1
      'https://stackoverflow.com/', // ... referrer 2
      // ... etc.
    ];
    // The Referer header is optional, so default to an empty string when it is absent.
    $referer = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '';
    if ( ! in_array( $referer, $base, true ) ) { // ... if not in referrers
      header( 'Refresh: 3; url=' . esc_url_raw( home_url() ) ); // ... automatically redirect user after 3 seconds
      wp_die( 'Something went wrong.', '', array( 'back_link' => true ) ); // ... kills WordPress execution and displays an HTML page with an error message
      exit; // ... terminate the current script
    }
  }
} ); ?>

That should prevent direct access, either from typing the URL or bookmarking it. The only way to access it would be via a link on the referrer page.

You don't want your whole website to be inaccessible, so don't forget to restrict the conditional statement even more (e.g. is_page() or ...).

amarinediary
  • 4,930
  • 4
  • 27
  • 45
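
The Referer header is supplied by the client and can be absent or set to any value, so a referrer check does not tie access to a login. As an added example (not part of the original answer), the snippet below gates pages on WordPress's own session check, shortens the lifetime of a saved auth cookie, and invalidates every saved session on logout; the page slugs and the lifetimes are assumptions.

```php
<?php
// Added example, not code from the original answer.
// Assumptions: the page slugs and the cookie lifetimes below are hypothetical.

// 1. Require a valid WordPress session for the protected pages.
//    is_user_logged_in() validates the signed auth cookie and its
//    server-side session token, not a header the visitor controls.
add_action( 'template_redirect', function () {
    $protected = array( 'members', 'account' ); // hypothetical slugs

    if ( is_page( $protected ) && ! is_user_logged_in() ) {
        auth_redirect(); // redirects to the login screen and exits
    }
} );

// 2. Shorten how long a saved auth cookie stays valid.
//    WordPress defaults: 2 days, or 14 days with "Remember Me" ticked.
add_filter( 'auth_cookie_expiration', function ( $length, $user_id, $remember ) {
    return $remember ? DAY_IN_SECONDS : 2 * HOUR_IN_SECONDS;
}, 10, 3 );

// 3. On logout, destroy every session token of that user, so a cookie
//    copied to or saved on another machine stops working as well.
//    The wp_logout action passes the user ID since WordPress 5.5.
add_action( 'wp_logout', function ( $user_id ) {
    if ( $user_id ) {
        WP_Session_Tokens::get_instance( $user_id )->destroy_all();
    }
} );
```

A saved cookie that is still within its lifetime and whose session token still exists will keep working; that is how persistent logins behave, so the controls are the lifetime and the token invalidation.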