WordPress - snips

A few notes on integrating WordPress into a personal HTML website and implementing it in an enterprise as a team blogging platform.

Set up Azure AD SSO

Update WordPress core and all plugins first, and make sure the site is already served over HTTPS: Azure AD only accepts https:// web redirect URIs (localhost excepted), and the login cookies the plugin sets must never travel in the clear.

  • Install the SSO for Azure AD plugin.
  • Settings > SSO for Azure AD > Endpoints: copy the Redirect URL and the Homepage/Login URL.
  • Register the site in the Azure portal: https://portal.azure.com -> App registrations -> New registration, using the copied Redirect URL as the web redirect URI.
  • From the new registration copy the Application (client) ID and the Directory (tenant) ID, then add a client secret and copy its value straight away (it is only shown once; note its expiry date, because logins stop when it lapses).
  • Back in the plugin, under OAuth, paste the Application ID, Client secret and Directory ID.
  • Login options
    • Create new users if they don't already exist = yes (this provisions a WordPress account for anyone in the tenant who can sign in to the app, so check which role new accounts receive: WordPress's Settings > General > New User Default Role unless the plugin overrides it, and keep it at Subscriber unless there is a reason not to)
    • Login button text (default) = Sign in with Azure AD
  • Save changes.

Force Logins and disable emails

Force ALL users to log in and disable BOTH default WordPress new-user notification emails by adding global functions through a small plugin file called something like local-code-snips.php. Zip the PHP file and upload it through Plugins -> Add New -> Upload Plugin, then activate it. It has to be a plugin rather than the theme's functions.php: wp_new_user_notification() is a pluggable function, and WordPress loads active plugins before pluggable.php, so only a plugin can replace the core version.

<?php
/*
Plugin Name: Local Code Snips
Description: Contains custom functions for site
Version: 1.0.0
Author: me
Author URI: me@here.com
*/

// Force anonymous visitors to log in. Called from the theme's header.php (see below),
// so it only covers requests that render a theme template.
function my_force_login() {

	if ( ( is_single() || is_front_page() || is_page() || is_archive() ) && ! is_page( 'login' ) && ! is_user_logged_in() ) {
		// Sends a Location header, so nothing may have been output before this call.
		auth_redirect();
	}
}

// Disable BOTH default WordPress new user notification emails (the one to the admin
// and the one to the new user). wp_new_user_notification() is pluggable: the first
// definition wins, hence the function_exists() guard around the override.
if ( ! function_exists( 'wp_new_user_notification' ) ) :
    function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {
        return;
    }
endif;

Call the force-login function at the very top of /wp-content/themes/themename/header.php, before the theme emits anything. auth_redirect() sends a Location header, so any output before it, including an HTML comment, produces a "headers already sent" warning and the redirect silently fails; for that reason the comment lives inside the PHP block:

<?php
// Redirect users who are not logged in to the login page.
my_force_login();
?>

The role-based post-login redirect does NOT belong in header.php. The login_redirect filter fires while wp-login.php processes the login, and the theme header is only included when a template is rendered, so a filter registered from header.php never runs in time. Put it in the plugin file (local-code-snips.php) instead; the theme's functions.php would also work, since it loads on every request. Note that as written it ignores any redirect_to that was requested, and always sends administrators to wp-admin and everyone else to /blog/:

<?php
// Redirect users after login based on user role.
function my_login_redirect( $url, $request, $user ){
    // $user is a WP_User on success and a WP_Error on failure; only act on success.
    if( $user && is_object( $user ) && is_a( $user, 'WP_User' ) ) {
        if( $user->has_cap( 'administrator' ) ) {
            $url = admin_url();
        } else {
            $url = home_url('/blog/');
        }
    }
    return $url;
}
add_filter('login_redirect', 'my_login_redirect', 10, 3 );

To disable only selected user-registration emails instead of both, see:
https://smartwp.com/disable-wordpress-new-user-notification-email/

If you control the link that users follow, send them to a specific page by adding it, URL-encoded, as a redirect_to parameter on the plugin's sign-in URL, e.g.: https://site.domain/blog/?sso_for_azure_ad=start&redirect_to=https%3A%2F%2Fsite.domain%2Fblog%2F&reauth=1. Only pass same-site targets: WordPress's own login flow runs redirect_to through wp_validate_redirect() (via wp_safe_redirect()) and falls back to the admin URL for hosts it does not allow, precisely so the login link cannot be turned into an open redirector.
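As an added example (not code from this page or from the SSO for Azure AD plugin), here is a variant of the plugin file that addresses the two placement problems above: it hooks the force-login check on template_redirect instead of relying on a call from header.php, so it runs before any output and on every front-end request, and it registers a login_redirect filter that honours a validated redirect_to so the deep link above works without becoming an open redirect. The lcs_ prefix, the lcs_public_pages filter, the privacy-policy slug and the /blog/ landing path are assumptions for illustration; the email override from the original plugin is unchanged and not repeated here.

```php
<?php
/*
Plugin Name: Local Code Snips (template_redirect variant)
Description: Force login on every front-end request and honour a validated redirect_to.
Version: 1.0.1
*/

// Slugs that stay readable without a login (hypothetical filter name lcs_public_pages,
// so a theme or another plugin can extend the allowlist without editing this file).
function lcs_public_pages() {
    return (array) apply_filters( 'lcs_public_pages', array( 'privacy-policy' ) );
}

// Runs on template_redirect, i.e. after the query is resolved but before the theme
// prints anything, so auth_redirect()'s Location header is always sent cleanly.
// wp-login.php, admin-ajax, WP-Cron and REST requests never reach template_redirect,
// so the SSO plugin's callback and background jobs are not affected.
function lcs_force_login() {
    if ( is_user_logged_in() ) {
        return;
    }
    if ( is_page( lcs_public_pages() ) ) {
        return; // allowlisted public page
    }
    // auth_redirect() records the current URL as redirect_to and sends the visitor
    // to the login page; the SSO plugin takes over from there.
    auth_redirect();
}
add_action( 'template_redirect', 'lcs_force_login', 1 );

// After login, go to the requested redirect_to if it is safe, otherwise to a
// role-based default. $url is WordPress's already-defaulted target, $request the
// raw redirect_to from the query string, $user a WP_User on success or WP_Error on failure.
function lcs_login_redirect( $url, $request, $user ) {
    if ( ! ( $user instanceof WP_User ) ) {
        return $url; // failed login: leave core's handling alone
    }

    $default = in_array( 'administrator', (array) $user->roles, true )
        ? admin_url()
        : home_url( '/blog/' ); // assumed landing page for everyone else

    if ( empty( $request ) ) {
        return $default;
    }

    // wp_validate_redirect() only accepts the site's own host (plus anything added via
    // the allowed_redirect_hosts filter). An attacker-supplied off-site redirect_to
    // therefore resolves to $default instead of becoming an open redirect. Core still
    // passes the result through wp_safe_redirect(), so this is defence in depth.
    return wp_validate_redirect( $request, $default );
}
add_filter( 'login_redirect', 'lcs_login_redirect', 10, 3 );
```

Because the check is hooked rather than called from the theme, it keeps working when the theme is switched or header.php is overwritten by an update; the header.php call above can be dropped once this plugin is active, otherwise the two are merely redundant.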

Test

  • Open a browser and go directly to the WP site without a prior login -> redirected to the Azure AD login page.
  • Follow a link to the WP site from another site while NOT signed in with SSO -> redirected to the Azure AD login page.
  • Follow a link to the WP site from another site while already signed in with SSO -> redirected transparently to the destination page.
  • Sign in without a redirect_to as a non-admin and as an administrator -> non-admins land on /blog/, administrators in wp-admin (the login_redirect filter above).