Authentication using WordPress


From time to time I’ve made a few PHP pages, for various reasons. Some of these use a MySQL database for storing and retrieving data. When it comes to securing my data and restricting access to editing and deleting functions to me only, I’ve looked at a few simple solutions to the problem. One of the ways I’ve done this, and the one I prefer, is by letting WordPress handle the authentication of the user. The WordPress authentication can probably be bypassed, but since it’s not personal or top secret data, I’ve come to the conclusion that a basic protection is adequate for these data.

How to do it?
First off you need to use WordPress own login page and the users you want to let on to the custom page need to have access to log onto the WordPress site you’re using for authentication purposes.
In my PHP code I’ve included the following lines (the page is located in an adjacent directory to the WordPress installation):



if(is_user_logged_in()) {
   // Show the page, since the user is logged in
} else {
   // The user is not logged in

The inclusion of the wp-blog-header.php file is required if you want to be able to use the method is_user_logged_in(). It is this method that check to see if the user is logged in (surprise, surprise!). Then all I need to do is put the magic inside the curly brackets between the if and the else. Easy, peasy 🙂

Things that I haven’t checked
There are some obvious things that I haven’t checked, like if it’s possible to circumvent the authentication and if so how easy it is. I also haven’t looked into the possibility of making a special right for the page, but just given access to any user that can log into the WordPress site that I piggyback my authentication off.
The solution is simple, I know, but it covers the bare minimum I needed for the pages I’ve created. Oh, and any updates to the login procedure is not my headache, since they get handled with the WordPress updates. Which is probably better than what I could piece together on my own anyways 😉