I’m having trouble with my WordPress password-protected page. I want to show a message when someone enters the wrong password but it’s not working. Here’s what I’ve tried:
function custom_login_form() {
global $post;
$form_id = 'pwbox-' . (empty($post->ID) ? rand() : $post->ID);
$login_url = 'https://example.com/login/';
$error_msg = '';
if ($_SERVER['HTTP_REFERER'] === $login_url && !isset($_COOKIE['wp-postpass_' . COOKIEHASH])) {
$error_msg = '<p style="color:red;">Oops! Wrong password. Try again.</p>';
}
$form = '<form class="login-form" action="' . esc_url(site_url('wp-login.php?action=postpass', 'login_post')) . '" method="post">';
$form .= '<h3>Enter password for Q-Notes access</h3>';
$form .= '<label for="' . $form_id . '">Password: </label>';
$form .= '<input name="post_password" id="' . $form_id . '" type="password" maxlength="20" />';
$form .= '<input type="submit" value="Log In" />';
$form .= '</form>' . $error_msg;
return $form;
}
add_filter('the_password_form', 'custom_login_form');
I think the issue might be with the cookie, but I’m not sure. Can someone point out what I’m doing wrong? Thanks!
I’ve dealt with this issue before, and it can be tricky. The problem is likely related to how WordPress handles form submissions and redirects for password-protected pages.
Instead of relying on cookies or referrers, you might want to try using the ‘login_errors’ filter to customize the error message. Here’s an approach that worked for me:
function custom_password_error_message($error) {
if (strpos($error, 'password you entered for the post') !== false) {
return 'Oops! Wrong password. Please try again.';
}
return $error;
}
add_filter('login_errors', 'custom_password_error_message');
This method intercepts WordPress’s built-in error messages and allows you to customize them. It’s more reliable than trying to manage the error display yourself.
Also, make sure your custom form action is correct. The ‘wp-login.php’ approach can sometimes cause issues. Try using the current URL instead:
$action = esc_url(add_query_arg('action', 'postpass', wp_unslash($_SERVER['REQUEST_URI'])));
Hope this helps you resolve the issue!
hey swiftcoder, i think ur problem might be with the cookie check. instead of using $_COOKIE, try using wp_check_password() function to verify the password. also, ur error message won’t persist across page reloads. consider using sessions or a custom query parameter to track login attempts. hope this helps!
I’ve encountered a similar issue before. The problem likely stems from how WordPress handles password protection internally. Instead of relying on cookies or HTTP referrers, consider using the ‘post_password_required’ function to check if the correct password was entered.
Here’s a modified approach you could try:
function custom_login_form($output) {
global $post;
if (post_password_required($post)) {
$form_id = 'pwbox-' . $post->ID;
$error_msg = isset($_GET['login']) && $_GET['login'] == 'failed' ? '<p style="color:red;">Incorrect password. Please try again.</p>' : '';
$output = '<form action="' + esc_url(site_url('wp-login.php?action=postpass', 'login_post')) + '" method="post">';
$output += $error_msg;
$output += '<label for="' + $form_id + '">Password: </label>';
$output += '<input name="post_password" id="' + $form_id + '" type="password" maxlength="20" />';
$output += '<input type="submit" value="Submit" />';
$output += '</form>';
}
return $output;
}
add_filter('the_password_form', 'custom_login_form');
This should provide a more reliable way to display your custom message. Remember to handle the ‘login’ parameter in your template or through another hook to set it when the password is incorrect.