Alright, after searching for many hours I found out that Cerber actually overrides the functionality of wp-login.php
So, after deactivating Cerber and getting back my regular wp-login.php page, I played around and saw I could disable both registration and forgot password functionalities by adding the following code in my functions.php:
For disabling registration:
add_filter('option_users_can_register', function($value) {
$script = basename(parse_url($_SERVER['SCRIPT_NAME'], PHP_URL_PATH));
if ($script == 'wp-login.php') {
$value = false;
}
return $value;
});
For disabling Password Reset:
function disable_lost_password() {
if (isset( $_GET['action'] )){
if ( in_array( $_GET['action'], array('lostpassword', 'retrievepassword') ) ) {
wp_redirect( wp_login_url(), 301 );
exit;
}
}
}
add_action( "login_init", "disable_lost_password" );
However, when I turn Cerber back on and set a custom URL (I have set “site-login”) to overwrite wp-login.php, both register and forgot password continue to function.
So, can you please show me the tweak I need to add/modify to the functions above, so the desired effect can work on my “site-login” URL too?
Thank you.
Plugin Author
gioni
(@gioni)
Hi! I’ll be back soon. I’m off the grid now.
Plugin Author
gioni
(@gioni)
Yep.
1. Unfortunately disabling Lost Password and Password Reset features will not be implemented. There are certain reasons for that.
2. Registration can be disabled in the WordPress settings. There is no reason for duplication.
3. Give a try to the new Cerber antispam engine by enabling it for all forms on the website. Check this: Protect all forms on the website with bot detection engine.
Thanks for the reply.
Actually I don’t want Register and Forgot Password disabled, I just don’t want in accesible in the wp-login’s page because I’m using Ultimate Member.
After much testing I realised that when I disabled WP-Cerber and tried to access /?action=lostpassword/ or /?action=register/ in wp-login I get redirected to Ultimate Member’s links in the frontend, as it’s intended to do.
However, when I enable WP-Cerber back on, the backend links I mentioned above are accessible.
So I came to the conclusion that WP-Cerber overwrites UM functionality.
Can you please look into it and let me know if there’s a solution?
Thanks.
Also just to let you know that the “Disable wp-login.php” function is not working and that page is accessible.
I tried it on a clean localhost also.
Plugin Author
gioni
(@gioni)
Hi! Please check the last issue with version 5.2.
Hey, what did exactly the new version fix?
The wp-login.php is still accessible and not returning a 404.
Plugin Author
gioni
(@gioni)
Please check out the development version 5.21: http://wpcerber.com/development-version/