WordPress Force Login WP-Cron & BackWPup Not Working

By | March 10, 2015

When using the Force Login plugin for wordpress by Kevin Vess, you will notice that WP-Cron and external links to launch backups for BackWPup no longer work.

The developer wrote some fixes for this thankfully, however it can be confusing for non technical people if you have no programming experience.

To enable XMLRPC, edit wp-force-login.php in the plugin directory, and replace the second function in the file from the one on his GitHub.

For my particular use case, I needed to be able to call a backup job for BackWPup from one of my other servers with CURL.  I used his fix for WP-Cron, but edited it to not require authentication from my home server’s public IP address.  There was also a small syntax error that needed correcting.  Again, we will be replacing the second function in the plugin.

Original Plugin file:

< ?php
/*
Plugin Name: Force Login
Plugin URI: http://vess.me/
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
Version: 2.1
Author: Kevin Vess
Author URI: http://vess.me/
License: GPLv2 or later
*/

/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

function v_getUrl() {
  $url  = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
  $url .= '://' . $_SERVER['SERVER_NAME'];
  $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
  $url .= $_SERVER['REQUEST_URI'];
  return $url;
}
function v_forcelogin() {
  $url = v_getUrl();
  if( !is_user_logged_in() && preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) ) {
    wp_safe_redirect( wp_login_url( $url ), 302 ); exit();
  }
}
add_action('init', 'v_forcelogin');

Edited plugin to allow WP-Cron to function (Link Here):

< ?php
/*
Plugin Name: Force Login
Plugin URI: http://vess.me/
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
Version: 2.1
Author: Kevin Vess
Author URI: http://vess.me/
License: GPLv2 or later
*/

/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

function v_getUrl() {
  $url  = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
  $url .= '://' . $_SERVER['SERVER_NAME'];
  $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
  $url .= $_SERVER['REQUEST_URI'];
  return $url;
}
function v_forcelogin() {
  $url = v_getUrl();
  if( !is_user_logged_in() && preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) ) {
    if( $_SERVER['REMOTE_ADDR'] != 'xxx.xxx.xxx.xxx' ) {
      wp_safe_redirect( wp_login_url( $url ), 302 ); exit();
    }
  }
}
add_action('init', 'v_forcelogin');

Make sure that you wrap the IP address from which you need to connect without authentication is wrapped in apostrophies EX:

 != '127.0.0.1'

Leave a Reply

Your email address will not be published. Required fields are marked *