Custom WordPress Redirect on Login Fail
I use this snippet to change the default redirect to /wp-login when user authentication fails on attempted login.
//redirects user to the page the login form is on and adds ?login=failed to the url
add_action( ‘wp_login_failed’, ‘my_front_end_login_fail’ ); // hook failed login
//redirect on login fail (doesn’t work when user clicks empty form. The FILTER BELOW custom_authenticate_username_password fixes this problem)
function my_front_end_login_fail( $username ) {
$referrer = $_SERVER[‘HTTP_REFERER’]; // where did the post submission come from?
// if there’s a valid referrer, and it’s not the default log-in screen
if ( !empty($referrer) && !strstr($referrer,’wp-login’) && !strstr($referrer,’wp-admin’) ) {
wp_redirect( add_query_arg(‘login’, ‘failed’, $referrer) ); // let’s append some information (?login=failed) to the URL for the theme to use
exit;
}
}
//Add this filter to change how blank username/password is treated (fixes redirect when form fields are empty)
add_filter( ‘authenticate’, ‘custom_authenticate_username_password’, 30, 3);
function custom_authenticate_username_password( $user, $username, $password )
{
if ( is_a($user, ‘WP_User’) ) { return $user; }
if ( empty($username) || empty($password) )
{
$error = new WP_Error();
$user = new WP_Error(‘authentication_failed’, __(‘<strong>ERROR</strong>: Invalid username or incorrect password.’));
return $error;
}
}
To display an error on the login page add this snippet that checks the $_GET for failed login and then displays the error
<?php if ($_GET[‘login’] == failed) { ?><p class=”error”>Incorrect username or password</p><?php }; ?>
And here is the CSS for the WordPress error styling.
.error{
border: solid 1px #c00;
padding: 5px;
color: #c00;
background: #ffebe8;
-webkit-border-radius: 3px;
border-radius: 3px;
margin-top: 5px;
}