I have a site based on WordPress. This site has some functions for member only. One of the functions is a external script and I believe anyone can access this without authentication.
I can add .htaccess to this script to prevent unauthorized access. But then my users have to login again and it’s kind of inconvenient.
Is there any solution to add some check to my script that use the same WordPress authentication mechanism, that is, if user already login, he have full access to the script. If not, he will be redirected to WordPress login page.
EDIT: My script is written in PHP
1 Answer
Just add this at the top of your file:
require_once($_SERVER['DOCUMENT_ROOT'].'/wp-blog-header.php');
// If you run multisite, you might nees this to prevent 404 error
header('HTTP/1.1 200 OK');
Note that the file must be in the same folder as your theme.
Then you can use is_user_logged_in before executing the rest of the script.
If use is not logged in, then just trigger the login form or a login plugin.