'', 'canonical_action' => '404', ); } public function sanitize( array $data ): array { $slug_raw = isset( $data['slug'] ) ? (string) $data['slug'] : ''; $slug = sanitize_title( $slug_raw ); // Restrict to a-z 0-9 _ - and 3–50 chars; anything else falls back to inactive. if ( ! preg_match( '/^[a-z0-9_-]{3,50}$/', $slug ) ) { $slug = ''; } $action = isset( $data['canonical_action'] ) ? sanitize_key( (string) $data['canonical_action'] ) : '404'; if ( ! in_array( $action, self::ALLOWED_ACTIONS, true ) ) { $action = '404'; } return array( 'slug' => $slug, 'canonical_action' => $action, ); } public function register(): void { // Recovery hatch — bypass entirely if the constant is defined truthy. if ( defined( self::RECOVERY_CONSTANT ) && constant( self::RECOVERY_CONSTANT ) ) { return; } if ( '' === $this->configured_slug() ) { // Module enabled on Modules tab but no slug configured → feature inert. return; } add_action( 'plugins_loaded', array( $this, 'maybe_intercept' ), 1 ); // URL filters: rewrite outgoing wp-login.php links/redirects. add_filter( 'site_url', array( $this, 'filter_site_url' ), 10, 4 ); add_filter( 'network_site_url', array( $this, 'filter_network_site_url' ), 10, 3 ); add_filter( 'wp_redirect', array( $this, 'filter_wp_redirect' ), 10, 1 ); } /* --------------------------------------------------------------------- * Setting accessors * ------------------------------------------------------------------- */ private function configured_slug(): string { $value = bw_dev()->settings()->get( $this->slug(), 'slug', '' ); return is_string( $value ) ? $value : ''; } private function configured_action(): string { $value = bw_dev()->settings()->get( $this->slug(), 'canonical_action', '404' ); return in_array( (string) $value, self::ALLOWED_ACTIONS, true ) ? (string) $value : '404'; } /* --------------------------------------------------------------------- * Request interception * ------------------------------------------------------------------- */ public function maybe_intercept(): void { $path = strtolower( $this->current_request_path() ); $slug = '/' . $this->configured_slug(); // (1) Custom slug → serve wp-login.php. if ( $path === $slug || $path === $slug . '/' ) { $this->serve_login_form(); return; } // (2) Canonical /wp-login.php → block for guests. if ( '/wp-login.php' === $path ) { if ( ! is_user_logged_in() ) { $this->block_canonical(); } return; } // (3) Canonical /wp-admin/* → block for guests, with allowlist. if ( '/wp-admin' === $path || 0 === strpos( $path, '/wp-admin/' ) ) { if ( $this->is_admin_path_allowlisted( $path ) ) { return; } if ( ! is_user_logged_in() ) { $this->block_canonical(); } } } /** * Allow admin-ajax.php and admin-post.php through unconditionally — * front-end plugins and forms hit these endpoints as guests routinely * (Contact Form 7, Gravity Forms, Heartbeat, REST fallbacks, etc.). */ private function is_admin_path_allowlisted( string $path ): bool { if ( 0 === strpos( $path, '/wp-admin/admin-ajax.php' ) ) { return true; } if ( 0 === strpos( $path, '/wp-admin/admin-post.php' ) ) { return true; } return false; } private function serve_login_form(): void { // Pretend the request was for wp-login.php so the script behaves normally. $query = $this->current_query_string(); $_SERVER['SCRIPT_NAME'] = '/wp-login.php'; $_SERVER['REQUEST_URI'] = '/wp-login.php' . $query; $GLOBALS['pagenow'] = 'wp-login.php'; require ABSPATH . 'wp-login.php'; exit; } private function block_canonical(): void { if ( 'home_redirect' === $this->configured_action() ) { wp_safe_redirect( home_url( '/' ), 302 ); exit; } // Default: a clean, theme-less 404. We're pre-init so no theme template is loaded. status_header( 404 ); nocache_headers(); header( 'Content-Type: text/html; charset=UTF-8' ); echo "\n404 Not Found

Not Found

The requested URL was not found on this server.

"; exit; } /* --------------------------------------------------------------------- * URL rewriting * ------------------------------------------------------------------- */ public function filter_site_url( $url, $path, $scheme, $blog_id ) { unset( $path, $scheme, $blog_id ); return $this->rewrite_wp_login( $url ); } public function filter_network_site_url( $url, $path, $scheme ) { unset( $path, $scheme ); return $this->rewrite_wp_login( $url ); } public function filter_wp_redirect( $url ) { return $this->rewrite_wp_login( $url ); } private function rewrite_wp_login( $url ) { if ( ! is_string( $url ) || false === strpos( $url, 'wp-login.php' ) ) { return $url; } return str_replace( '/wp-login.php', '/' . $this->configured_slug(), $url ); } /* --------------------------------------------------------------------- * REQUEST_URI helpers * ------------------------------------------------------------------- */ private function current_request_path(): string { $uri = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : ''; $path = wp_parse_url( (string) $uri, PHP_URL_PATH ); return is_string( $path ) ? $path : ''; } private function current_query_string(): string { $uri = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : ''; $query = wp_parse_url( (string) $uri, PHP_URL_QUERY ); return is_string( $query ) && '' !== $query ? '?' . $query : ''; } /* --------------------------------------------------------------------- * Settings tab * ------------------------------------------------------------------- */ public function render_tab(): void { $slug = $this->configured_slug(); $action = $this->configured_action(); $is_active = '' !== $slug; $is_bypassed = defined( self::RECOVERY_CONSTANT ) && constant( self::RECOVERY_CONSTANT ); $slug_name = BW_Dev_Settings::OPTION . '[' . $this->slug() . '][slug]'; $action_name = BW_Dev_Settings::OPTION . '[' . $this->slug() . '][canonical_action]'; $current_url = $is_active ? home_url( '/' . $slug . '/' ) : ''; ?>

' . esc_html( self::RECOVERY_CONSTANT ) . '' ); ?> 

define( '', true );