Critical Login Query
-
Following my thread on login queries, I’ve found something that would be of critical importance to any user that is using a ‘hide my login’ type plugin to hide their credentials.
First I set up a basic forum and changed the layout, and it looks pretty good.
So I thought I’d now play with the login from a new browser to see how it worked.
WITHOUT first turning on ‘Anyone Can Register’ in WordPress>General, I attempted to register on the new forum.
Checking the ‘users’ in WordPress, the new user had been added, so the WpForo software had over-ridden the wordpress settings.
On checking my email to retrieve login instructions though, there was the full login url INCLUDING the part that took the place of wp-admin – ie my hidden login ie ‘to set your password, please visit mysite.com/my-hidden-login-details’.
Obviously the forum cannot be used in this state, so how can the hidden login details remain hidden when a new member joins up?
-
Hi @deeveearr,
The email you see is the native WordPress email. This is sent by WordPress user registration functions which is used by wpForo on new user registration. So it contains URL to the native WordPress login page.If you want to change the native WordPress login URL to wpForo login page you should enable these two options:
— “Replace Login Page URL to Forum Login Page URL”
— “Replace Reset Password Page URL to Forum Reset Password Page URL”
in Dashboard > Forums > Settings > Features admin page:
No good I’m afraid.
The hidden login field still appears in the email sent from the forum, but only in one place now:
To set your password, visit the following address:
mysite.com/hidden-login-details/?action=rp&key=pc2Jcx3EmVx8KhNqIJkS&login=MMsTest
mysite.com/community/?foro=signin
How do I get rid of the first line of these addresses that contains the hidden login?
*edit*
This also raises concerns if someone wanted to reset their password.
Would the url complete with hidden login also appear in this case?
If you click it you’ll go to wpForo page not to your hidden page. Just click it and see.
And again, this is not wpForo issue, this is a WordPress issue. You can search for solutions in WordPress support topics or install WordPress Email Editor plugins. You should not try to fix it from wpForo side. wpForo is not the email generator. This is a general WordPress issue.
As an alternative, you always have a chance to change the user registration type and disable the “Email Confirmation” step by disabling the corresponding “Enable User Registration email confirmation” option in Dashboard > Forums > Settings > Features admin page. So your users can register without email confirmation. The password fields will be displayed on the registration form. They just need to fill the Username, Email, and Password fields and register. Here is the wpForo user registration form “with email confirmation” and “without email confirmation”:
The topic ‘Critical Login Query’ is closed to new replies.
