Replies
- ParticipantLevel: GuruPosts: 903Tosin on June 14, 2019 at 11:55 am in reply to: [Resolved] How to disable public and private messages for specific users #23508This reply has been marked as private.
- ParticipantLevel: GuruPosts: 903
AWESOME!!!!
Just one more thing how to change the login error to (Invalid Email or Password!) for both wrong username or email and password input.
Thanks
- ParticipantLevel: GuruPosts: 903
I would prefer to use email address to login into a buddypress site as communication using @mention reveals other members usernames which can be used for brute force login attempts, but email addresses are unique and more secure except if the user decides to reveal it publicly.
- ParticipantLevel: GuruPosts: 903
Thanks for the recent update it works. Now for better security I do not use username to login but only email address with custom login error message. When I applied the code below in my functions.php. The login error that shows is (invalid request) instead of (Invalid email or password) as indicated in the code below, also the limit login attempts does not work with the code below. Is there another way to achieve login with email address only without any form of compromise with the bp branded login plugin.
remove_filter('authenticate', 'wp_authenticate_username_password', 20); add_filter('authenticate', function($user, $email, $password){ //Check for empty fields if(empty($email) || empty ($password)){ //create new error object and add errors to it. $error = new WP_Error(); if(empty($email)){ //No email $error->add('empty_username', __('Email field is empty.')); } else if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ //Invalid Email $error->add('invalid_username', __('Invalid email or password.')); } if(empty($password)){ //No password $error->add('empty_password', __('Password field is empty.')); } return $error; } //Check if user exists in WordPress database $user = get_user_by('email', $email); //bad email if(!$user){ $error = new WP_Error(); $error->add('invalid', __('Invalid email or password.')); return $error; } else{ //check password if(!wp_check_password($password, $user->user_pass, $user->ID)){ //bad password $error = new WP_Error(); $error->add('invalid', __('Invalid email or password.')); return $error; }else{ return $user; //passed } } }, 20, 3);Thanks for your support
- ParticipantLevel: GuruPosts: 903
Hello sir,
I will be expecting your feedback on the login attempts counter on the bp branded login using
https://wordpress.org/plugins/limit-login-attempts-reloaded/
or
https://wordpress.org/plugins/limit-attempts/ - ParticipantLevel: GuruPosts: 903
I was also wondering if you can enable support for either of this 2 plugins to display limit login attempts counter on the bp branded login page for security reasons.
https://wordpress.org/plugins/limit-login-attempts-reloaded/
or
https://wordpress.org/plugins/limit-attempts/ - ParticipantLevel: GuruPosts: 903
Hello,
I finally found the culprit which is a plugin called page restrict at https://wordpress.org/plugins/pagerestrict/ when I deactivated the plugin the login errors are now showing
Thanks for your patience and support
- ParticipantLevel: GuruPosts: 903
similar problem was indicated here https://stackoverflow.com/questions/31066775/how-to-retrieve-wp-error-in-custom-login-form
- ParticipantLevel: GuruPosts: 903
I have removed the custom code but the error does not show inside the theme on the page but it is showing in the url address bar as below
I removed the custom redirection code but the ?login=failed still shows in the url as indicated above
It’s quite weird that the error shows in the address bar but not in the theme
- ParticipantLevel: GuruPosts: 903This reply has been marked as private.
