Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#19607 closed enhancement (fixed)

home/wp-admin and home/wp-login.php should redirect when home != siteurl

Reported by: nacin's profile nacin Owned by: nacin's profile nacin
Milestone: 3.4 Priority: normal
Severity: normal Version:
Component: Canonical Keywords: has-patch
Focuses: Cc:

Description

Say you have the following setup: home: http://example.com, and siteurl: http://example.com/wordpress.

The wp-admin and wp-login.php links are example.com/wordpress/wp-admin/ and wordpress/wp-login.php. But /wordpress/ can be anything, of course. This makes finding the proper place to log in hard.*

In the case of WordPress in a subdirectory, we should trap 404 requests for /wp-admin/ and /wp-login.php and redirect them to the proper URL.

  • Note that this is not at all a security measure. There are ways to find where the files are located, including HTTP headers and body.

Props @matt for the idea.

Attachments (4)

19607.diff (558 bytes) - added by greuben 13 years ago.
19607.2.diff (638 bytes) - added by nacin 13 years ago.
19607.wp.1.diff (683 bytes) - added by wet 13 years ago.
Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.
19607.network-redirect.patch (593 bytes) - added by ocean90 13 years ago.

Download all attachments as: .zip

Change History (22)

#1 @nacin
13 years ago

  • Keywords needs-patch added

@greuben
13 years ago

#2 @greuben
13 years ago

  • Keywords has-patch added; needs-patch removed

The redirect works only when permalinks are enabled.

#3 follow-up: @dd32
13 years ago

That patch looks like it might have some issues for the new %postname% case with a post such as "WP Admin is now faster!".

#4 in reply to: ↑ 3 @greuben
13 years ago

Replying to dd32:

That patch looks like it might have some issues for the new %postname% case with a post such as "WP Admin is now faster!".

The redirect is made in WP::handle_404(), so it wont interfere with any posts/pages/attachments permalinks.

@nacin
13 years ago

#5 @nacin
13 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [19875]:

When WordPress is in a subdirectory (home URL != site URL), let home/wp-admin and home/wp-login.php redirect to their proper locations. props greuben for initial patch, fixes #19607.

#6 @nacin
13 years ago

In [19877]:

Use correct variable. see #19607.

#7 @nacin
13 years ago

In [19878]:

Let wp-admin work as well as wp-admin/ for the canonical redirect. see #19607.

#8 @nacin
13 years ago

Further thoughts: Why not redirect /admin, /dashboard, and /login as well?

Would probably warrant pulling out of canonical.

#9 @nacin
13 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

#10 @nacin
13 years ago

Something like:

add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );

function wp_redirect_admin_locations() {
	global $wp_rewrite;
	if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) )
		return;

	$admins = array(
		home_url( 'wp-admin', 'relative' ),
		home_url( 'dashboard', 'relative' ),
		home_url( 'admin', 'relative' ),
	);
	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins ) ) {
		wp_redirect( admin_url() );
		exit;
	}

	$logins = array(
		home_url( 'wp-login.php', 'relative' ),
		home_url( 'login', 'relative' ),
	);
	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) {
		wp_redirect( site_url( 'wp-login.php', 'login' ) );
		exit;
	}
}

#11 @nacin
13 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In [19880]:

In case of 404, redirect /login, /dashboard, /admin to corresponding WP equivalents. fixes #19607.

#12 @ryan
13 years ago

Looks good.

@wet
13 years ago

Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.

#13 follow-up: @wet
13 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

#14 in reply to: ↑ 13 @nacin
13 years ago

Replying to wet:

Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.

It's a fine idea in theory, but often, WordPress is actually going to be installed in the /wordpress/ subdirectory (in the case of home and siteurl being different). I could come around to it, but [19880] et al. is probably a good first few steps.

#15 @nacin
13 years ago

FWIW, this can also get confusing quickly. We're not going to advertise "Hey, new shortcuts for accessing the admin" in the 3.4 release notes. They only work if you don't have a conflicting page or some other URL, and if you are using permalinks. I understand someone saying "Go to example.com/admin" on a phone call, let's say, but /wordpress is less likely to find the admin area.

#16 @wet
13 years ago

Accepted, although this assumption is mostly true in an english-speaking culture. The other new shortcut "dashboard" does not mean a lot elsewhere, for instance. "WordPress" might come out as a more globally recognized moniker.

#17 @Ipstenu
13 years ago

  • Cc ipstenu@… added

#18 @duck_
13 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

I believe that we're done here.

Note: See TracTickets for help on using tickets.