Join Log in
Score:0
Jed Booth avatar Server

trying to redirect in .htaccess unless it's an admin

us flag
Jed Booth

I am trying to write a rule in .htaccess that redirects all /wp-admin to /login UNLESS a certain user (WebAdministrator) is logging in. How do I make such a rule?

If I use:

Rewriterule ^wp-admin /login [R=301,NC,L]

then it breaks it because it will keep redirecting to /login, even for the administrator since when the administrator logs in they are supposed to see the panel at /wp-admin

76
0 + 0
in flag
Gerald Schneider
How is Apache supposed to know who the user is?
2
Reply
Jed Booth avatar
us flag
Jed Booth
It can't. I am running Apache on the server and figured that if I tag Apache, it would broaden the audience, and most people who are real administrators who run Apache would see this and it would be easy for them.
0
Reply
in flag
Gerald Schneider
If Apache can't distinguish between the users, how should it know when to redirect and when not?
0
Reply
Score:1
avatar Server
jp flag
AlexD

You have a chicken-and-egg problem. You don't know if a user is an administrator until he is logged in, so you don't have the information to make conditional redirect before login.

0 + 0
Jed Booth avatar
us flag
Jed Booth
I love the analogy. haha Thank you.
0
Reply
Score:1
avatar Server
cn flag
Aquarion

There are a couple of ways to do this in apache, but none are great.

The best way is to do this in wordpress instead, either building a tiny wordpress plugin to change all wp-login.php (the login page location) to your custom /login using the relevant hook: https://developer.wordpress.org/reference/hooks/login_url/

The only ways an apache rewrite could know if someone is logged in would be to ask wordpress or read the cookie directly.

For the former, you will want a custom script running from the rewrite module using RewriteMap's PRG mode (https://httpd.apache.org/docs/current/rewrite/rewritemap.html#prg) to run a PHP script that queries wordpress' authentication system to see if they're logged in, and rewrite appropriately.

You can also check against the cookie value directly by using a RewriteCond based on the HTTP_COOKIE variable (see https://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#RewriteCond)

Both of these are extremely brittle hacks, however, and I'd highly recommend doing it in WP instead.

0 + 0
kz flag
MrWhite
"check against the cookie value directly" - although you wouldn't be able to actually _validate_ the cookie unless you used a "custom script" as mentioned previously. And this doesn't get around the "chicken-and-egg" issue... how does the "Admin" login in the first place if the URL used to login is redirected?
0
Reply
cn flag
Aquarion
Because the URL used to login to a wordpress install is /wp-login.php, rather than /wp-admin. Though as the question mentions redirecting to /login, I'm assuming there's a missing piece somewhere.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.