Prevent users from accessing wp-admin when password is wrong

I just noticed everyone gets redirected to wp-admin if they enter the wrong password in the membership pro plugin. I'd like to prevent users from accessing that page if possible, could you point me out to a solution? Coding is okay as well since I'm a developer

  • Ash

    Hi Fabio

    Please try the following code:

    add_action( 'wp_login_failed', 'my_front_end_login_fail' );
    function my_front_end_login_fail( $username ) {
       $referrer = $_SERVER['HTTP_REFERER'];
       $findme   = '?login=failed';
       $pos = strpos( $referrer, $findme );
       if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
    	if( $pos === false ) {
    		wp_redirect( $referrer . '?login=failed' );
    		wp_redirect( $referrer );
    add_action( 'wp_footer', 'show_error_msg' );
    function show_error_msg() {
    	if( isset( $_REQUEST['login'] ) && $_REQUEST['login'] == 'failed' ) {
    	<script type="text/javascript">
    		$('.membershiploginwidget #loginform').prepend('<p style="color:red">Your username or password is wrong. Please try again.</p>');

    You can add those codes in your functions.php in the theme, if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder with name 'mu-plugins'. If there is no folder in that name, then create a folder, name it 'mu-plugins', create a file inside that, give any name you like and paste the code in there. You don't need to activate that plugin. Mu-plugins means must use plugins, so it will be activated automatically always. If you use mu-plugins then add a php start tag at the beginning of the code.

    Hope it helps :slight_smile: Please feel free to ask more question if you have any.


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.