securityninja_is_temporary_login_link

Table of Content

  1. Filter: securityninja_is_temporary_login_link
    1. Parameters
    2. Return Values
    3. Example Usage: Simple Override
    4. Example Usage: Complex Detection Logic
    5. Example Usage: Force Check for Specific Patterns
    6. When to Use This Filter
    7. Security Considerations

Filter: securityninja_is_temporary_login_link

Allows complete override of temporary login link detection logic. Return true to bypass suspicious query checks, false to proceed with checks, or null to use default detection.

Back to Top

Parameters

  • $is_temporary_login (bool|null) – Current detection result (null on first call, meaning default detection hasn’t run yet)
  • $request_uri (string) – The request URI
  • $query_string (string) – The query string
Back to Top

Return Values

  • true – Bypass suspicious query checks (treat as temporary login link)
  • false – Proceed with suspicious query checks (not a temporary login link)
  • null – Use default detection logic (fallback to built-in parameter checking)
Back to Top

Example Usage: Simple Override

add_filter('securityninja_is_temporary_login_link', function($is_temporary_login, $request_uri, $query_string) {
    // Custom detection logic
    if (strpos($query_string, 'custom_token=') !== false) {
        return true; // Bypass checks
    }
    return $is_temporary_login; // Use default detection if null
}, 10, 3);
Back to Top

Example Usage: Complex Detection Logic

add_filter('securityninja_is_temporary_login_link', function($is_temporary_login, $request_uri, $query_string) {
    // Check for custom plugin's token pattern
    if (preg_match('/myplugin_token=[a-zA-Z0-9]{64}/', $query_string)) {
        // Verify plugin is active before bypassing
        if (is_plugin_active('my-plugin/my-plugin.php')) {
            return true; // Bypass checks
        }
    }
    
    // Check for specific URL pattern
    if (strpos($request_uri, '/special-login/') !== false && isset($_GET['auth_code'])) {
        return true; // Bypass checks
    }
    
    // Use default detection for everything else
    return $is_temporary_login;
}, 10, 3);
Back to Top

Example Usage: Force Check for Specific Patterns

add_filter('securityninja_is_temporary_login_link', function($is_temporary_login, $request_uri, $query_string) {
    // Even if default detection says it's a temporary login, 
    // force check if it matches suspicious pattern
    if (strpos($query_string, 'eval(') !== false) {
        return false; // Force security check
    }
    
    return $is_temporary_login; // Use default for others
}, 10, 3);
Back to Top

When to Use This Filter

  • Your plugin uses non-standard query parameter names that don’t match common patterns
  • You need custom validation logic beyond simple parameter checking
  • You want to implement conditional bypassing based on URL patterns or other request data
  • You need to integrate with plugins that have complex authentication flows
Back to Top

Security Considerations

When implementing custom detection logic:

  • Always verify the plugin is active before bypassing checks
  • Validate token formats to prevent abuse
  • Consider rate limiting for custom temporary login links
  • Log custom detections for audit purposes
  • Return false for any suspicious patterns, even if they match your plugin’s format

Written by

Back to Top

Get AI-Powered Security Summary

Let AI analyze this WordPress security article and provide actionable insights from WP Security Ninja experts.

ChatGPT Claude Perplexity Gemini
Trusted WordPress Security Expert

Was this helpful?

Previous Article

securityninja_temporary_login_params