Bash script to verify WordPress Logins

Verifing Logins from a shell script

The following script is not part of our WordPress plugin, but may be useful in many cases.

Are WordPress logins working properly?

Everything should be working properly if you can login as a user to wordpress.

The following script logs into wordpress and saves the cookies to a file. Then it logs out of wordpress. Finally, it sends an XMPP instant message to inform you of the results.

#!/bin/bash
# by Edward Stoever
/usr/bin/sleep $((1 + $RANDOM %55)) # include this when running from cron
. /etc/profile
. /root/.profile

user="just-a-subscriber"
password="hard-to-guess-password"
cookie_file="/tmp/cookie.txt"
site="https://my-wp-website.com"
maxtime="5"

curl --cookie-jar "$cookie_file" \
     --dump-header "$cookie_file" \
     --output "/dev/null" \
     --max-time "$maxtime" \
     --form log="$user" \
     --form pwd="$password" \
     --form testcookie=1 \
     --form wp-submit="Log In" \
     --form redirect_to="$site"/wp-admin \
     --form submit=login \
     --form rememberme=forever \
     "$site"/wp-login.php

## GET THE WORDPRESS NONCE FOR THE LOGOUT URL, THEN LOGOUT WITH CURL:
WPNONCE=`curl --cookie "$cookie_file" \
              --max-time "$maxtime" "$site"/wp-login.php?action=logout | \
              tail -5 | \
              grep -oP '_wpnonce=[0-9a-zA-Z]+'`

curl --cookie "$cookie_file" --max-time "$maxtime" \
              "$site/wp-login.php?action=logout&$WPNONCE"

SUCCESSMSG="<THUMBUP> Logins are working properly on the wordpress website!"
FAILUREMSG="<REDFLAG> Something is wrong with logins on the wordpress website!"

if [ -f $cookie_file ]; then
  VERIFY_SUCCESSFUL_LOGIN=`grep wordpress_logged_in $cookie_file|wc -l`
    if [ $VERIFY_SUCCESSFUL_LOGIN = "1" ]; then
       /usr/local/bin/monitor.chat.sh "$SUCCESSMSG" 
    else
       /usr/local/bin/monitor.chat.sh "$FAILUREMSG" "all"
    fi
else
   /usr/local/bin/monitor.chat.sh "$FAILUREMSG" "all"
fi

rm -f "$cookie_file"

You can test the failure by breifly shutting down the database or the web server. You can also use invalid login credentials to test a failure.


Related wordpress script here:

Last modified March 5, 2021