WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#19607 closed enhancement (fixed)

home/wp-admin and home/wp-login.php should redirect when home != siteurl

Reported by: nacin Owned by: nacin
Milestone: 3.4 Priority: normal
Severity: normal Version:
Component: Canonical Keywords: has-patch
Focuses: Cc:

Description

Say you have the following setup: home: http://example.com, and siteurl: http://example.com/wordpress.

The wp-admin and wp-login.php links are example.com/wordpress/wp-admin/ and wordpress/wp-login.php. But /wordpress/ can be anything, of course. This makes finding the proper place to log in hard.*

In the case of WordPress in a subdirectory, we should trap 404 requests for /wp-admin/ and /wp-login.php and redirect them to the proper URL.

  • Note that this is not at all a security measure. There are ways to find where the files are located, including HTTP headers and body.

Props @matt for the idea.

Attachments (4)

19607.diff (558 bytes) - added by greuben 2 years ago.
19607.2.diff (638 bytes) - added by nacin 2 years ago.
19607.wp.1.diff (683 bytes) - added by wet 2 years ago.
Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.
19607.network-redirect.patch (593 bytes) - added by ocean90 2 years ago.

Download all attachments as: .zip

Change History (22)

comment:1 nacin2 years ago

  • Keywords needs-patch added

greuben2 years ago

comment:2 greuben2 years ago

  • Keywords has-patch added; needs-patch removed

The redirect works only when permalinks are enabled.

comment:3 follow-up: dd322 years ago

That patch looks like it might have some issues for the new %postname% case with a post such as "WP Admin is now faster!".

comment:4 in reply to: ↑ 3 greuben2 years ago

Replying to dd32:

That patch looks like it might have some issues for the new %postname% case with a post such as "WP Admin is now faster!".

The redirect is made in WP::handle_404(), so it wont interfere with any posts/pages/attachments permalinks.

nacin2 years ago

comment:5 nacin2 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [19875]:

When WordPress is in a subdirectory (home URL != site URL), let home/wp-admin and home/wp-login.php redirect to their proper locations. props greuben for initial patch, fixes #19607.

comment:6 nacin2 years ago

In [19877]:

Use correct variable. see #19607.

comment:7 nacin2 years ago

In [19878]:

Let wp-admin work as well as wp-admin/ for the canonical redirect. see #19607.

comment:8 nacin2 years ago

Further thoughts: Why not redirect /admin, /dashboard, and /login as well?

Would probably warrant pulling out of canonical.

comment:9 nacin2 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:10 nacin2 years ago

Something like:

add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );

function wp_redirect_admin_locations() {
	global $wp_rewrite;
	if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) )
		return;

	$admins = array(
		home_url( 'wp-admin', 'relative' ),
		home_url( 'dashboard', 'relative' ),
		home_url( 'admin', 'relative' ),
	);
	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins ) ) {
		wp_redirect( admin_url() );
		exit;
	}

	$logins = array(
		home_url( 'wp-login.php', 'relative' ),
		home_url( 'login', 'relative' ),
	);
	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) {
		wp_redirect( site_url( 'wp-login.php', 'login' ) );
		exit;
	}
}

comment:11 nacin2 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In [19880]:

In case of 404, redirect /login, /dashboard, /admin to corresponding WP equivalents. fixes #19607.

comment:12 ryan2 years ago

Looks good.

wet2 years ago

Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.

comment:13 follow-up: wet2 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:14 in reply to: ↑ 13 nacin2 years ago

Replying to wet:

Add 'wordpress' and 'WordPress' to the list of canonicalized login routes to help brand-centric users.

It's a fine idea in theory, but often, WordPress is actually going to be installed in the /wordpress/ subdirectory (in the case of home and siteurl being different). I could come around to it, but [19880] et al. is probably a good first few steps.

comment:15 nacin2 years ago

FWIW, this can also get confusing quickly. We're not going to advertise "Hey, new shortcuts for accessing the admin" in the 3.4 release notes. They only work if you don't have a conflicting page or some other URL, and if you are using permalinks. I understand someone saying "Go to example.com/admin" on a phone call, let's say, but /wordpress is less likely to find the admin area.

comment:16 wet2 years ago

Accepted, although this assumption is mostly true in an english-speaking culture. The other new shortcut "dashboard" does not mean a lot elsewhere, for instance. "WordPress" might come out as a more globally recognized moniker.

comment:17 Ipstenu2 years ago

  • Cc ipstenu@… added

comment:18 duck_2 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

I believe that we're done here.

Note: See TracTickets for help on using tickets.