Solution:
I looked at the WordPress objects for WP Errors, and also the WP Authenticate Hook as well and i have managed to stop the user from submitting an empty form, i have checked to see if username and password is blank and not send the form and then i return the error code for the form once it has been submitted correctly.
Add the following code to Functions.php
add_action('init', 'prevent_wp_login');
function prevent_wp_login() {
if(isset($_POST['log']) && isset($_POST['pwd']))
if($_POST['log']=='' && $_POST['pwd']=='')
{
$page = 'https://www.qbeam.co.uk/login/?login=error&reason=blank';
// Redirect to the your url
wp_redirect($page);
exit();
}
else if($_POST['log']=='')
{
$page = 'https://www.qbeam.co.uk/login/?login=error&reason=username';
// Redirect to the your url
wp_redirect($page);
exit();
}
else if($_POST['pwd']=='')
{
$page = 'https://www.qbeam.co.uk/login/?login=error&reason=password';
// Redirect to the your url
wp_redirect($page);
exit();
}
}
add_filter('login_redirect', 'qbeam_login_failed_redirect', 10, 3);
function qbeam_login_failed_redirect($user) {
$referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from?
// if there's a valid referrer, and it's not the default log-in screen
if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
if (is_wp_error($user)) {
//Login failed, find out why...
$error_types = array_keys($user->errors);
//Get the reason why login failed
if (is_array($error_types) && !empty($error_types)) {
$error_type = $error_types[0];
}
wp_redirect(preg_replace('/\?.*/', '', $referrer) . "?login=failed&reason=" . $error_type );
exit;
}
}
}
function qbeam_login_redirect( $redirect_to, $request, $user ) {
return ( is_array( $user->roles ) && in_array( 'administrator', $user->roles ) ) ? admin_url() : site_url() . '/my-account';
}
add_filter( 'login_redirect', 'qbeam_login_redirect', 10, 3 );
add_action('wp_logout','auto_redirect_external_after_logout');
function auto_redirect_external_after_logout(){
wp_redirect( 'https://www.qbeam.co.uk/login/?loggedout=true' );
exit();
}
Then add something similar to this in your login page where your custom login form is.
<?php
if( "error" == $_GET['login'] && "blank" == $_GET['reason'] )
{
echo
"<div class='alert alert-warning alert-dismissible container' style='margin-top:20px; margin-bottom:20px;'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<strong>Error!</strong> Form Cannot Be Blank, Please Try Again.
</div>";
}
?>
You then do a banner for every error that you may encounter on your custom login form, and then you can use a custom redirect to stop any non logged in users accessing wp-login, you can use a plugin for this or another bit of code in your Functions.php.
Hope this helps someone else later.