Question

  • whitelies

    (@whitelies)


    11 years ago

    Hi,

    My site is using a custom user registration form and login. There is a custom manual approval process.

    However, I noticed that even though the user is not approved for our custom system, it is able to login directly from the renamed login page. I.E. The main WordPress login.

    How do I prevent that?

    Is there a way where I can speak to you more in-depth about it on how to prevent that?

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    11 years ago

    Hi whitelies if you Enable Rename Login Page Feature: under Brute Force they will not be able to login via your WordPress login anymore.

    Regards

    Thread Starter whitelies

    (@whitelies)

    11 years ago

    Yes, I have already enabled that.

    They know about the admin renamed login via the lost password feature.

    How should I prevent that?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    11 years ago

    Have you ever thought of using a membership plugin to manage your members?

    Thread Starter whitelies

    (@whitelies)

    11 years ago

    I used a custom plugin for a specific users management.

    My custom plugin uses like a status function ($status == 0) on the custom login page to determine if the user is activated or pending approval.

    My custom login page is able to do that effectively.

    But the user can bypass the system by going to the main WordPress login area.

    Is there a way where I can my custom plugin user status to this plugin so that there is no loophole?

    Is there a way I can privately talk to you about it?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    11 years ago

    Hi whitelies one of the plugin developers will asses your issue further.

    Thank you

    Plugin Contributor wpsolutions

    (@wpsolutions)

    11 years ago

    Have you tried using our User Registration manual approval feature?
    This will not allow people with newly registered accounts to be able to login until you specifically approve them.

    Thread Starter whitelies

    (@whitelies)

    11 years ago

    How do I disable the email that will be sent out when the user is approved?

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Question’ is closed to new replies.