auth_redirect() WP 1.5.0

Checks whether the user is logged in before allowing them to view a page of the site. The check validates the authentication cookie; it does not look at roles or capabilities.

If the user is not logged in, it redirects them to the login page.

Use it to restrict pages to logged-in users.

If this function is called on the posts page and the user is not logged in, they will be redirected to the login page. After logging in, the user is returned to the page they were on before the redirection.

Pluggable function: this function can be replaced from a plugin. This means it is defined only after all plugins have been loaded (included); before that point it does not exist. Therefore, you cannot call this function, or any function that depends on it, directly from plugin code. Call it on the plugins_loaded hook or later, for example on the init hook.

Function replacement (override): in a must-use or regular plugin you can create a function with the same name, and it will replace this function.

Returns

null.

Usage

auth_redirect();

Examples

#1 Restrict content to logged-in users and redirect everyone else to login

Require a user to log in in order to view the site:

if ( ! is_user_logged_in() ) {
   auth_redirect();
}

Restrict single posts to logged-in users:

if ( !is_user_logged_in() && is_single() ) {
	auth_redirect();
}

Use this code at the beginning of header.php.
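
The same restriction as an added example (not from the original page or from WordPress core), placed in a plugin on the template_redirect hook, which runs after pluggable functions are defined and before any template output is sent. The myprefix_ names and the post IDs are hypothetical.

```php
<?php
/**
 * Plugin Name: Require login for single posts (added example)
 */

// Constructed sample values: IDs of posts that stay public.
const MYPREFIX_PUBLIC_POST_IDS = array( 12, 34 );

/**
 * Hypothetical callback: send anonymous visitors of single posts to the login page.
 */
function myprefix_require_login_for_posts() {
	// Guard with is_user_logged_in(), which checks the site-wide logged_in cookie.
	// auth_redirect() by default validates the auth/secure_auth cookie, which
	// browsers only send for admin paths, so calling it unguarded on the front
	// end would bounce logged-in users to the login form as well.
	if ( is_user_logged_in() ) {
		return;
	}

	// Only single post views are gated here.
	if ( ! is_single() ) {
		return;
	}

	// Posts on the allowlist remain readable without logging in.
	if ( in_array( get_queried_object_id(), MYPREFIX_PUBLIC_POST_IDS, true ) ) {
		return;
	}

	// Sends no-cache headers, redirects to the login URL with the current
	// address as redirect_to, then exits.
	auth_redirect();
}

// template_redirect fires after all plugins and the main query are loaded,
// and before the theme prints anything, so the redirect headers can be sent.
add_action( 'template_redirect', 'myprefix_require_login_for_posts' );
```

This gates only the rendered single-post template. The same content may still be reachable through feeds, archive listings or the REST API, which need their own checks.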

Changelog

Since 1.5.0 Introduced.

auth_redirect() code WP 6.8.3

function auth_redirect() {
	$secure = ( is_ssl() || force_ssl_admin() );

	/**
	 * Filters whether to use a secure authentication redirect.
	 *
	 * @since 3.1.0
	 *
	 * @param bool $secure Whether to use a secure authentication redirect. Default false.
	 */
	$secure = apply_filters( 'secure_auth_redirect', $secure );

	// If https is required and request is http, redirect.
	if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
		if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
			wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
			exit;
		} else {
			wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
			exit;
		}
	}

	/**
	 * Filters the authentication redirect scheme.
	 *
	 * @since 2.9.0
	 *
	 * @param string $scheme Authentication redirect scheme. Default empty.
	 */
	$scheme = apply_filters( 'auth_redirect_scheme', '' );

	$user_id = wp_validate_auth_cookie( '', $scheme );
	if ( $user_id ) {
		/**
		 * Fires before the authentication redirect.
		 *
		 * @since 2.8.0
		 *
		 * @param int $user_id User ID.
		 */
		do_action( 'auth_redirect', $user_id );

		// If the user wants ssl but the session is not ssl, redirect.
		if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
			if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
				wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
				exit;
			} else {
				wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
				exit;
			}
		}

		return; // The cookie is good, so we're done.
	}

	// The cookie is no good, so force login.
	nocache_headers();

	if ( str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) {
		$redirect = wp_get_referer();
	} else {
		$redirect = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
	}

	$login_url = wp_login_url( $redirect, true );

	wp_redirect( $login_url );
	exit;
}