Ask your WordPress questions! Pay money and get answers fast! (more info)

"sidebar login" plugin setup WordPress


Hi: I have these requirements for a site:

• some page/posts in a WP site need to login to view.
• username and password are assigned by site admin only.
• no online registration, no forgot password
• user should NOT see dashboard or admin login (no backend)

I selected "sidebar login" plugin for this, but still need help:

1) when input wrong username/password, dialog box ask user if "lost your password?", if click on it, will redirect to WP lostpassword page.
Need to disable this redirect, and should delete "lost your password?" wording too.

2) how to set capability for these users, so they don't accidentally get into backend.
It seems configurable but does not work on my test, they are now Editor so can view privately published stuff.

my test site url:
login required area: VIP Club
sidebar login on:
actual restricted page and posts:

below is a screen shot of my widget setting:

Answers (2)


Dbranes answers:

Here's one way to remove the "lost your password?" link:

remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);

add_filter('authenticate', 'custom_wp_authenticate_username_password', 20, 3);

function custom_wp_authenticate_username_password($user, $username, $password) {
if ( is_a($user, 'WP_User') ) { return $user; }

if ( empty($username) || empty($password) ) {
if ( is_wp_error( $user ) )
return $user;

$error = new WP_Error();

if ( empty($username) )
$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));

if ( empty($password) )
$error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));

return $error;

$user = get_user_by('login', $username);

if ( !$user )
return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid username.' ) );

$user = apply_filters('wp_authenticate_user', $user, $password);
if ( is_wp_error($user) )
return $user;

if ( !wp_check_password($password, $user->user_pass, $user->ID) )
return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect.' ),
$username ) );

return $user;

but a less drastic way is to use the <em>gettext </em>filter:

(the HTML formatting is missing below, so check out this [[LINK href=""]]pastebin[[/LINK]] instead )

add_filter( 'gettext', 'custom_gettext' );
function custom_gettext ( $text )
if ( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' === $text )
$text = '<strong>ERROR</strong>: Invalid username.';
elseif( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' === $text )
$text = '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect.';
return $text;

If you don't want to remove the links on the <em>wp-login.php</em> page, you can use for example:

add_action( 'init', function(){
// don't remove links on the wp-login.php page
if( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' !== $GLOBALS['pagenow'] )
add_filter( 'gettext', 'custom_gettext' );


If your VIP guests are assigned a custom "vip" role, then you could use:

add_action( 'admin_init', 'custom_admin_init', 0 );
function custom_admin_init()
if( in_array( 'vip', wp_get_current_user()->roles, TRUE ) )
wp_redirect( get_home_url(), 302 );

to block the <em>wp-admin</em> access and redirect them to the homepage.

Steve Chang comments:

Thank you Dbranes, will you please indicate which file(s) to modify? I can follow instructions well but don't know programming.

By the way, the #1 question mentioned dialog box looks like in the image below (also for your info), is that generated by the plugin?