WP Login & Access Manager is a WordPress plugin that allows administrators to customize the login page and restrict login access based on user roles.
Why this plugin exists
This plugin was built to demonstrate secure WordPress authentication handling, role-based access control, and admin settings management following WordPress coding standards and best practices.
Features
- Custom message on the WordPress login page
- Restrict login access based on user roles
- Admin settings page to configure blocked roles
- Uses WordPress authentication hooks and Settings API
- Lightweight and theme-independent
How It Works
- Hooks into WordPress login using the
authenticatefilter - Blocks selected roles from logging in
- Displays a clear error message on the login screen
- Admins manage settings under Settings → Login Access Manager
️ Installation
- Clone or download this repository
- Upload the
wp-login-access-managerfolder to/wp-content/plugins/ - Activate the plugin from the WordPress dashboard
- Configure roles under Settings → Login Access Manager
Plugin Structure
wp-login-access-manager/ ├── wp-login-access-manager.php ├── readme.md └── includes/ ├── login-customizer.php ├── role-restrictions.php └── admin-settings.php
️ Security
- Capability checks for admin access
- Sanitized option values
- Safe authentication blocking using
WP_Error - Proper escaping for output
Author
Aditya Kumar Singh
GitHub: https://github.com/AdityaS62