I'm using a PHP function to redirect users to the homepage if they're not logged in. It has helped to stop brute force attacks on the login form. I have another page with a custom login form that is used for login, and I want the regular wordpress page to be disabled. The only problem with this is that while using the admin part of the site, as it will log out after a certain amount of time has expired. Instead of bringing up the form to log in again in the dialog, it will redirect to the homepage within the dialog box. There is a small version of the homepage showing within the dialog. I can login again by going to the actual login page, but it's not ideal.
I tried disabling the function, but as soon as I did the brute force attacks started again. Is there a way to allow the login form on the dialog only, but still have the redirect place for the wp-login and wp-admin pages?
function custom_login(){
global $pagenow;
if( 'wp-login.php' == $pagenow && !is_user_logged_in()) {
wp_redirect(get_home_url());
exit();
}
}