Score:0

trying to redirect in .htaccess unless it's an admin


I am trying to write a rule in .htaccess that redirects all /wp-admin to /login UNLESS a certain user (WebAdministrator) is logging in. How do I make such a rule?

If I use:

Rewriterule ^wp-admin /login [R=301,NC,L]

then it breaks it because it will keep redirecting to /login, even for the administrator, since when the administrator logs in they are supposed to see the panel at /wp-admin.

How is Apache supposed to know who the user is?
It can't. I am running Apache on the server and figured that if I tag Apache, it would broaden the audience, and most people who are real administrators who run Apache would see this and it would be easy for them.
If Apache can't distinguish between the users, how should it know when to redirect and when not?
Score:1

You have a chicken-and-egg problem. You don't know if a user is an administrator until he is logged in, so you don't have the information to make a conditional redirect before login.

I love the analogy. haha Thank you.
Score:1

There are a couple of ways to do this in Apache, but none are great.

The best way is to do this in WordPress instead, either building a tiny WordPress plugin to change all wp-login.php (the login page location) to your custom /login using the relevant hook: https://developer.wordpress.org/reference/hooks/login_url/

The only ways an Apache rewrite could know if someone is logged in would be to ask WordPress or read the cookie directly.

For the former, you will want a custom script running from the rewrite module using RewriteMap's PRG mode (https://httpd.apache.org/docs/current/rewrite/rewritemap.html#prg) to run a PHP script that queries WordPress' authentication system to see if they're logged in, and rewrite appropriately.

You can also check against the cookie value directly by using a RewriteCond based on the HTTP_COOKIE variable (see https://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#RewriteCond).

Both of these are extremely brittle hacks, however, and I'd highly recommend doing it in WP instead.

"check against the cookie value directly" - although you wouldn't be able to actually _validate_ the cookie unless you used a "custom script" as mentioned previously. And this doesn't get around the "chicken-and-egg" issue... how does the "Admin" log in in the first place if the URL used to log in is redirected?
Because the URL used to log in to a WordPress install is /wp-login.php, rather than /wp-admin. Though as the question mentions redirecting to /login, I'm assuming there's a missing piece somewhere.
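
The "do it in WordPress" approach recommended in the answer above, as an added example that is not part of the original thread: a small plugin that repoints login links at /login with the login_url hook and decides who may see /wp-admin only after WordPress itself has validated the session, rather than trusting the shape of a cookie in a rewrite rule. The /login path and the account name come from the question; the constant names and the plugin name are hypothetical.

```php
<?php
/**
 * Plugin Name: Admin gate (added example, not from the original thread)
 */

// Assumption: the site serves its own login form at /login, as in the question.
const EXAMPLE_LOGIN_PATH = '/login';
// Assumption: the single account allowed into /wp-admin, as named in the question.
const EXAMPLE_ADMIN_LOGIN = 'WebAdministrator';

// Repoint every generated login link at the custom page. This also covers the
// redirect WordPress issues itself when an unauthenticated visitor requests
// /wp-admin, because that redirect is built with wp_login_url().
add_filter('login_url', function ($login_url, $redirect, $force_reauth) {
    $url = home_url(EXAMPLE_LOGIN_PATH);
    if (!empty($redirect)) {
        $url = add_query_arg('redirect_to', urlencode($redirect), $url);
    }
    if ($force_reauth) {
        $url = add_query_arg('reauth', '1', $url);
    }
    return $url;
}, 10, 3);

// admin_init fires on admin requests after WordPress has checked the auth
// cookie server-side, so the identity used here is not a client-supplied claim.
add_action('admin_init', function () {
    // admin-ajax.php lives under /wp-admin and is called by front-end code.
    if (wp_doing_ajax()) {
        return;
    }

    $user = wp_get_current_user();
    if ($user->exists() && $user->user_login === EXAMPLE_ADMIN_LOGIN) {
        return; // the one permitted account sees the dashboard
    }

    // Everyone else is sent to the custom login page.
    wp_safe_redirect(home_url(EXAMPLE_LOGIN_PATH));
    exit;
});
```

If the page at /login sends already-logged-in users back to /wp-admin, a non-administrator account would loop between the two; send such users to the front end instead.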