[Branda Pro] Whitelist IPs to bypass coming soon / maintenance pages

1

Would be great if I could whitelist my client's and colleagues' IPs so they don't see the coming soon page when visiting the site. I want to keep it on to stop organic traffic, so letting them see the site without logging in would be very nice.

    • MC
      • The Incredible Code Injector

      I wanted this so I had AI help me write it. It’s a querystring (not IP address whitelist). Hope it helps!

      ** Change "preview_20250825" to whatever you want the querystring to be.
      ** So it will be https://yoursite.com/?preview_20250825

      /**
       * Secret Key Bypass for Branda Maintenance Mode
       * Allows one-time front-end viewing using a secret access key
       * Based on WPMU DEV forum solution for bypassing maintenance mode
       */
      add_action('template_redirect', function() {
          // Check if our secret query string matches
          if (isset($_GET['access_key']) && $_GET['access_key'] === 'preview_20250825') {
              // Store in a cookie so the user does not have to use the query each time
              // Cookie expires in 1 hour (3600 seconds)
              setcookie('nerve_maintenance_bypass', '1', time() + 3600, '/', '', is_ssl(), true);

              // Also set a session variable for immediate use
              if (!session_id()) {
                  session_start();
              }
              $_SESSION['nerve_maintenance_bypass'] = true;

              // Remove Branda's maintenance mode hook entirely
              global $wp_filter;
              $tag = 'template_redirect';
              $hook_method = 'output';
              $hook_class = 'Brenda_Maintenance';

              if (isset($wp_filter[$tag])) {
                  foreach ($wp_filter[$tag]->callbacks as $key => $callback_array) {
                      foreach ($callback_array as $c_key => $callback) {
                          if (substr_compare($c_key, $hook_method, strlen($c_key) - strlen($hook_method), strlen($hook_method)) === 0) {
                              if (isset($callback['function'][0]) && $callback['function'][0] instanceof $hook_class) {
                                  unset($wp_filter[$tag]->callbacks[$key][$c_key]);
                              }
                          }
                      }
                  }
              }

              // Redirect to remove the access_key from URL for security
              $redirect_url = remove_query_arg('access_key', $_SERVER['REQUEST_URI']);
              if ($redirect_url !== $_SERVER['REQUEST_URI']) {
                  wp_safe_redirect($redirect_url);
                  exit;
              }
              return; // Let them through
          }

          // If cookie exists, remove Branda's maintenance mode hook
          if (isset($_COOKIE['nerve_maintenance_bypass']) && $_COOKIE['nerve_maintenance_bypass'] === '1') {
              global $wp_filter;
              $tag = 'template_redirect';
              $hook_method = 'output';
              $hook_class = 'Brenda_Maintenance';

              if (isset($wp_filter[$tag])) {
                  foreach ($wp_filter[$tag]->callbacks as $key => $callback_array) {
                      foreach ($callback_array as $c_key => $callback) {
                          if (substr_compare($c_key, $hook_method, strlen($c_key) - strlen($hook_method), strlen($hook_method)) === 0) {
                              if (isset($callback['function'][0]) && $callback['function'][0] instanceof $hook_class) {
                                  unset($wp_filter[$tag]->callbacks[$key][$c_key]);
                              }
                          }
                      }
                  }
              }
              return; // Let them through
          }

          // If session variable exists, remove Branda's maintenance mode hook
          if (!session_id()) {
              session_start();
          }
          if (isset($_SESSION['nerve_maintenance_bypass']) && $_SESSION['nerve_maintenance_bypass'] === true) {
              global $wp_filter;
              $tag = 'template_redirect';
              $hook_method = 'output';
              $hook_class = 'Brenda_Maintenance';

              if (isset($wp_filter[$tag])) {
                  foreach ($wp_filter[$tag]->callbacks as $key => $callback_array) {
                      foreach ($callback_array as $c_key => $callback) {
                          if (substr_compare($c_key, $hook_method, strlen($c_key) - strlen($hook_method), strlen($hook_method)) === 0) {
                              if (isset($callback['function'][0]) && $callback['function'][0] instanceof $hook_class) {
                                  unset($wp_filter[$tag]->callbacks[$key][$c_key]);
                              }
                          }
                      }
                  }
              }
              return; // Let them through
          }
      }, -1); // Priority -1 to run before Branda's maintenance mode (which runs at priority 0)

      // Remove the old filter-based approach since we're now removing the hook entirely

    • Tony G
      • Mr. LetsFixTheWorld

      Adding a +1 to this request that’s been “tasked” for almost two years.

      How about this: Can someone tell us what filter is hooked when the Coming Soon page is triggered, so that we can return a simple true/false to override the feature? If there isn’t a hook, there oughta be. But if you can just tell me where the redirect happens then I’ll add it in myself.

      I frequently don’t mind coding my own solutions, but I’m asking DEV to step up to meet in the middle and provide the information required so that we can provide our own solutions out here. In this case, I’ll check for the IP address and return the right result, I’m just asking DEV to tell everyone here where that hook is or should be.

      I hope (but respectfully doubt) that this could be a regular practice in these forums: “The feature isn’t there, but you can hook ‘foo’ in method ‘bar’ to create your own solution for this right now…” … “or you can wait a few years to find out this isn’t one of our priorities…” :rolling_eyes:

      Thanks!

  • Patrick Freitas
    • FLS

    Hi Tony G

    It uses the template_redirect,

    if ( ! is_admin() ) {
    	$status = $this->get_value( 'mode', 'mode' );
    	if ( 'off' !== $status ) {
    		add_action( 'template_redirect', array( $this, 'output' ), 0 );
    		add_filter( 'rest_authentication_errors', array( $this, 'only_allow_logged_in_rest_access' ) );
    	}
    }

    Located on:

    inc/modules/utilities/maintenance.php

    This is some old code that our SLS support did to bypass the /hub page (HUB Client plugin); maybe it can give you some ideas on how you could handle some custom coding for that section:

    <?php
    add_action(
    	'template_redirect',
    	function(){
    		global $wp;
    
    		if ( 'hub' !== $wp->request ) {
    			return;
    		}
    
    		global $wp_filter;
    		$tag 			= 'template_redirect';
    		$hook_method	= 'output';
    		$hook_class 	= 'Brenda_Maintenance';
    		if ( ! isset( $wp_filter[$tag] ) ) {
    			return;
    		}
    		foreach ( $wp_filter[$tag]->callbacks as $key => $callback_array ) {
    			foreach ( $callback_array as $c_key => $callback ) {
    				if ( substr_compare( $c_key, $hook_method, strlen( $c_key ) - strlen( $hook_method ), strlen( $hook_method ) ) === 0 ) {
    					if ( $callback['function'][0] instanceof $hook_class ){
    						unset( $wp_filter[$tag]->callbacks[$key][$c_key] );
    					}
    				}
    			}
    		}
    	},
    	-1
    );

    Best Regards
    Patrick Freitas
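
Added example (not part of the thread and not Branda's own code): the IP allowlist the original request asks for, built on the `template_redirect` hook removal shown in the post above. The `my_*` names and the allowlist entries are assumptions; the class `Brenda_Maintenance`, the `output` method and priority 0 come from the code quoted above.

```php
<?php
// Added example: my_* names are hypothetical; the allowlist uses documentation ranges.
const MY_BYPASS_ALLOWLIST = array( '203.0.113.7', '198.51.100.0/24', '2001:db8::/32' );

// True when $ip equals $entry or lies inside it (plain address or CIDR, IPv4 or IPv6).
function my_ip_matches( string $ip, string $entry ): bool {
	$parts = explode( '/', $entry, 2 );
	if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) || ! filter_var( $parts[0], FILTER_VALIDATE_IP ) ) {
		return false;
	}
	$addr = inet_pton( $ip );
	$net  = inet_pton( $parts[0] );
	$max  = strlen( $net ) * 8;
	$bits = $parts[1] ?? (string) $max;
	// Fail closed on an address-family mismatch or a malformed prefix length.
	if ( strlen( $addr ) !== strlen( $net ) || ! ctype_digit( $bits ) || (int) $bits > $max ) {
		return false;
	}
	$bytes = intdiv( (int) $bits, 8 );
	$rem   = (int) $bits % 8;
	$mask  = ( 0xFF << ( 8 - $rem ) ) & 0xFF;
	return substr( $addr, 0, $bytes ) === substr( $net, 0, $bytes )
		&& ( 0 === $rem || ( ord( $addr[ $bytes ] ) & $mask ) === ( ord( $net[ $bytes ] ) & $mask ) );
}

function my_request_is_allowlisted(): bool {
	// REMOTE_ADDR is the TCP peer. X-Forwarded-For is client-supplied and is not read here.
	$ip = $_SERVER['REMOTE_ADDR'] ?? '';
	foreach ( MY_BYPASS_ALLOWLIST as $entry ) {
		if ( my_ip_matches( $ip, $entry ) ) {
			return true;
		}
	}
	return false;
}

// Priority -1 runs before Branda's own template_redirect callback at priority 0.
add_action( 'template_redirect', function () {
	global $wp_filter;
	if ( ! my_request_is_allowlisted() ) {
		return;
	}
	foreach ( $wp_filter['template_redirect']->callbacks[0] ?? array() as $callback ) {
		$fn = $callback['function'];
		if ( is_array( $fn ) && $fn[0] instanceof Brenda_Maintenance && 'output' === $fn[1] ) {
			remove_action( 'template_redirect', $fn, 0 );
		}
	}
}, -1 );
```

Behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so have the web server restore the client address from a trusted proxy rather than parsing forwarded headers in PHP. This covers only the front-end page; Branda's `rest_authentication_errors` filter still applies to REST requests.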

    • Tony G
      • Mr. LetsFixTheWorld

      Patrick Freitas I’ve had my Branda maintenance IP whitelist plugin in place for a while now. Until I can post that for others I’m making a note here for anyone who stumbles on this thread.

      The code posted above has a filter hook for ‘rest_authentication_errors’. The handler for that throws a ‘rest_cannot_access’ error if maintenance mode is active and is_admin is false.
      ( plugins/ultimate-branding/inc/modules/utilities/maintenance.php line 32 > only_allow_logged_in_rest_access() line 693 )

      That’s an issue when we want to use the REST API to request a token for JWT or maybe OAuth. The request itself has the authentication request and can’t be denied access. The is_admin() function may return false during that auth process. Auth requests like this need to get in, and define WP_ADMIN on success so that is_admin returns true. One could say WP_ADMIN should be defined on Ajax requests, but that’s not always the case if special endpoints are used and admin_ajax.php isn’t used.

      However, the whole point of this is that we don’t want requests from a specific IP to be blocked, regardless of their activity or auth status. That is, is_admin=true is not the only correct status to avoid a WP_Error, and Branda shouldn’t be throwing an exception based on maintenance mode without some ability to override that decision.

      So I’m proposing a new filter hook in Branda, right before it throws WP_Error or otherwise decides that there is a REST authentication error, something like ‘ub_rest_authentication’. Pass the value determined by Branda, and some metadata to explain why that determination was made, like a constant NOT_LOGGED_IN. Let the hook handler override the result, perhaps returning false rather than the WP_Error … which is what I would do based on the IP address.

      Until that is implemented I need to find a place to catch requests like this and ensure WP_ADMIN is set before Branda can define a filter for rest_authentication_errors – but this needs to be handled very carefully, because I don’t just want to set WP_ADMIN, and I also don’t want to stop Branda from getting a shot at flagging an issue that perhaps should be caught.

      Thanks for consideration and responses!

  • Patrick Freitas
    • FLS

    Hi Tony G

    Thanks for all the feedback and work done to check the plugin code. Indeed, a new hook could be a nice option, and we forwarded this to the plugin team.

    To not spam the thread starter, if you need any help or clarification on Branda codes feel free to create a new ticket so we can keep going on this.

    Best Regards
    Patrick Freitas