Different Redirect After User Completes WP 2FA Setup

Resolved robskrob
(@robskrob)

5 years, 11 months ago

Regarding this note in the change log for 1.3.0, https://ww.wp.xz.cn/plugins/wp-2fa/#developers, “Administrators are redirected to the 2FA settings after completing the wizard.” is there anyway I can specify a different redirect? Not all my wordpress users have access to the network tab on the dashboard and so they see an odd “page is not available” message from wordpress. Would it be possible to redirect the user to the main admin page when a user completes the WP 2FA setup, for instance?

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Contributor robertabela
(@robert681)

5 years, 11 months ago

Hello @robskrob

Updating this ticket as well, for the records:

That note applies to the administrator and the first time install wizard. So it applies to that person who first installs the plugin. It has nothing to do with the users. If your users do not have access to the dashboard, then you have two options:

1) Enable the 2FA configuration front-end page: https://www.wpwhitesecurity.com/support/kb/configure-2fa-front-end-page-wordpress/

2) Create your own 2FA settings page using our shortcodes: https://www.wpwhitesecurity.com/support/kb/shortcodes-custom-2fa-user-configuration-page/

I hope the above helps you get setup and running. Should you have any other questions, please do not hesitate to get in touch.
Thread Starter robskrob
(@robskrob)

5 years, 11 months ago
Hi @robert681 thank you for your reply.

Just to be clear — when someone signs into the wordpress dashboard and creates two factor authentication for their account using the whitesecurity 2FA wordpress plugin, the plugin redirects the user by default to the network page whose path is /wp/wp-admin/network/. At least, this has been my experience in using your plugin and setting up wordpress uses with 2FA.

In my wordpress app, I have set it up such that only the super admins and administrators have access to the network page. Therefore, when either an Editor, Author, Contributor or Subscriber signs into the wordpress admin and after setting up their account with two factor authentication with the whitesecurity 2FA wordpress plugin, wordpress shows these users a page that says, “sorry, you are not allowed to see this page.” because the plugin, as stated above, redirects them to the network page, from which I have blocked them. I only need super administrators to view the network page.

The solution I came up with is the following. I use the admin_init hook to redirect users away from the network page and to the wordpress dashboard only if the current page is the network one and they are not a super admin:
```
add_action('admin_init', function() {
  // Only allow super admin to view network settings page
  if ( is_network_admin() && !(is_super_admin())) {
    wp_redirect("/wp/wp-admin/");
    exit;
  }
});
```
This allows the whitesecurity 2FA plugin to redirect users to the network page after setting up 2FA while not creating a weird / broken experience for my users who are not allowed to view that page.
- This reply was modified 5 years, 11 months ago by robskrob.
- This reply was modified 5 years, 11 months ago by robskrob.
- This reply was modified 5 years, 11 months ago by robskrob.
Plugin Contributor robertabela
(@robert681)

5 years, 11 months ago

Sorry, didn’t notice that you are referring to an issue on a multisite network. We can reproduce this and can confirm that this is a bug.

We’ll definitely fix it in the next update, which we will be releasing in a few weeks.

Thank you for taking the time to report the issue.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Different Redirect After User Completes WP 2FA Setup’ is closed to new replies.