Opened 13 years ago
Closed 13 years ago
#19607 closed enhancement (fixed)
home/wp-admin and home/wp-login.php should redirect when home != siteurl
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 3.4 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Canonical | Keywords: | has-patch |
Focuses: | Cc: |
Description
Say you have the following setup: home: http://example.com, and siteurl: http://example.com/wordpress.
The wp-admin and wp-login.php links are example.com/wordpress/wp-admin/ and wordpress/wp-login.php. But /wordpress/ can be anything, of course. This makes finding the proper place to log in hard.*
In the case of WordPress in a subdirectory, we should trap 404 requests for /wp-admin/ and /wp-login.php and redirect them to the proper URL.
- Note that this is not at all a security measure. There are ways to find where the files are located, including HTTP headers and body.
Props @matt for the idea.
Attachments (4)
Change History (22)
#3
follow-up:
↓ 4
@
13 years ago
That patch looks like it might have some issues for the new %postname% case with a post such as "WP Admin is now faster!".
#4
in reply to:
↑ 3
@
13 years ago
Replying to dd32:
That patch looks like it might have some issues for the new %postname% case with a post such as "WP Admin is now faster!".
The redirect is made in WP::handle_404(), so it wont interfere with any posts/pages/attachments permalinks.
#5
@
13 years ago
- Owner set to nacin
- Resolution set to fixed
- Status changed from new to closed
In [19875]:
#8
@
13 years ago
Further thoughts: Why not redirect /admin, /dashboard, and /login as well?
Would probably warrant pulling out of canonical.
#10
@
13 years ago
Something like:
add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 ); function wp_redirect_admin_locations() { global $wp_rewrite; if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) ) return; $admins = array( home_url( 'wp-admin', 'relative' ), home_url( 'dashboard', 'relative' ), home_url( 'admin', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins ) ) { wp_redirect( admin_url() ); exit; } $logins = array( home_url( 'wp-login.php', 'relative' ), home_url( 'login', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) { wp_redirect( site_url( 'wp-login.php', 'login' ) ); exit; } }
@
13 years ago
Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.
#14
in reply to:
↑ 13
@
13 years ago
Replying to wet:
Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.
It's a fine idea in theory, but often, WordPress is actually going to be installed in the /wordpress/ subdirectory (in the case of home and siteurl being different). I could come around to it, but [19880] et al. is probably a good first few steps.
#15
@
13 years ago
FWIW, this can also get confusing quickly. We're not going to advertise "Hey, new shortcuts for accessing the admin" in the 3.4 release notes. They only work if you don't have a conflicting page or some other URL, and if you are using permalinks. I understand someone saying "Go to example.com/admin" on a phone call, let's say, but /wordpress is less likely to find the admin area.
#16
@
13 years ago
Accepted, although this assumption is mostly true in an english-speaking culture. The other new shortcut "dashboard" does not mean a lot elsewhere, for instance. "WordPress" might come out as a more globally recognized moniker.
The redirect works only when permalinks are enabled.