Customizing Front-End and Backend Login for WordPress
Whether you want your users to log in from the front-end or backend of your websites, WordPress allows you to fully customize the experience for both.
Occasionally, when building a WordPress website you might think that the built-in login page doesn’t exactly meet your needs. Sometimes, you might want the login form embedded into your site’s front-end. Other times, you might need functionality that isn’t available using the default /wp-login.php page.
We’ve previously looked at how to completely customize the WordPress login page, exploring ways of merging it into your site’s branding. In this post, we’ll look at how to extend some of the functionality offered in that post with more practical examples.
This post looks at front-end and backend login customization in two sections. In the first part, I will explain how to handle the login process from the site front-end. We’ll look at how to:
- Include a login form into posts and widgets
- Redirect the user on successful login
- Set a custom login page
- Conditionally display a login/logout link in a menu
Note that we’ll explore just the login task, letting WordPress take care of redirection on failed login, password reset, user registration and data editing. All these tasks deserve careful attention and will provide us with more to dive into and explore in the future.
In the second part of this post, I will show you how to add greater functionality to the built-in login page. We’re going to:
- Customize the HTML structure of the login page header
- Get the most from the built-in login page with additional form fields
We’ll also look at several examples to acquaint you with functions, actions and filters available for the handling of the login process. I’ll assume you’re familiar with the key concepts behind action and filter hooks. If you’re not, before going through this post take the time to have a read over A Quick (and in-Depth) Guide to WordPress Hooks.
Let’s start diving into login customization.
Including a Login Form in Posts and Text Widgets
When designing the user flow for a new website, you might want to display a login form on the front-end of your site. You can achieve this goal thanks to the
wp_login_form function, which echoes (or returns) a simple login form (check the WordPress Codex for details).
This function holds an array of parameters, whose values set the URL for redirection after login, IDs, labels and the default values of the form elements.
In the following example we’ll create a simple shortcode, which will enable site authors to embed the login form anywhere into the site:
In the code above we’ve set the value of
echo to false so that the function won’t print the HTML of the form, but will return the mark-up as value of the
$output variable. The same value will be returned by the callback function.
In case the user was already logged in, the function returns a message and the logout link (this latter returned by the
Now, let’s create a new post (or page) and include the [frontend-login-form] shortcode. As a result, we’ll get the login form shown in the image below.
We can include the form in a sidebar as well, but first we have to force WordPress to process shortcodes in text widgets. This task can be accomplished using the
widget_text filter and the
do_shortcode function as we’ve already done in the code above.
Redirecting the User on Login
In the previous example, once logged in the user is redirected to the same page he/she is coming from, whatever their role. But we can redirect users to specific pages depending on their roles or capabilities.
For instance, we may want to prevent site subscribers from having access the admin area while redirecting to the dashboard all the users belonging to other roles. We can accomplish this usin the
login_redirect filter hook.
Consider the following code:
It’s quite self explanatory:
login_redirect filters the URL of the resource the user should be redirected to on successful login. In our example, if the user has the capability to
edit_posts (all roles but subscribers), the user will be redirected to the dashboard. If the users hasn’t, they will be redirected to the site home page.
Setting a Custom Login Page
If we’ve created a new custom login page, we may also want to overwrite default login URL. To do that we can use the
login_url filter, as shown in the following code:
Here, we’re calling the
add_query_arg function, which we’ve appended the query arguments
reauth to the URL. The same URL is finally returned by the callback function.
Adding Login and Logout Menu Items Programmatically
Now we have a new login URL and we can build the corresponding link programmatically from our scripts. In the next example, I’ll show you how to append the login and logout links to a primary menu.
In the main file of a plugin (or in the functions.php file of a child theme) copy and paste the following block of code:
wp_nav_menu_items filter allows us to append new items to menus. By setting a specific theme location, our customization will affect just one custom menu. If the user is logged in, the callback function will automatically append the logout URL, otherwise it will append the login URL.
So far we’ve seen how to log in the user from the front-end. Nevertheless, chances are that we would prefer to keep the login on its own default page. So, in the following examples we’ll see how to take advantage of some of the many functions, actions and filters we can use to customize the page structure and add functionalities to the login form.
Customizing the Login Header
The header of the default WordPress login page is structured as follows:
It’s just a
h1 element with an anchor pointing to WordPress.org. We can act on this structure thanks to three hooks, one action (
login_head) and two filters (
login_headertitle). Take the following code as an example:
login_headaction fires after scripts are enqueued, and we can hook to this action a function to enqueue custom scripts and styles. In our example, we’ve added a single declaration to change the background image of the anchor in the header
login_headerurlfilters the link URL of the header logo. In our example, the callback function returns the home URL
login_headertitlefilters the title attribute
This is just a basic example, which aims to demonstrate how actions and filters come in handy to customize the login experience. If you need more control over the presentation of the login page, take a moment to read how to completely customize the WordPress login page. Then, if you want to add more functionality to the built-in login form, read over our last and more advanced example…
Let Your Users Select the Redirect URL
It’s time to give our users more control over the login process. In this last example, we’ll give them the ability to choose the URL of the page to be redirected to.
First, we’ll add a new field to the login form with the following function:
login_form action fires following the ‘Password’ field in the login form and preceeding the ‘Remember me’ checkbox, so the callback function prints the select menu in that precise position.
With the form field in its place, we can put it in action with the following code:
Here, we’re checking whether a valid value for the select field has been sent. If so, the switch statement set a value for
$redirect_to variable depending on the option selected by the user.
The user will be now redirected to the page of their choice.
The login process is an important part of a website’s user flow and we as web designers should take the time to consider the user experience. Whether we decide to allow users to log in from a site front-end or keep with the default backend log in form, we can customize all options in terms of both presentation and functionality.
WordPress provides up with the powers of customizzation – it’s up to use to make good use of them.
Have you got further ideas for login customization? Do you have any favorite examples of login forms that have been customized? Join the conversation and share them with us in the comments below.
Logo credit Giulio Baccari.