Access to wp-login.php

  • I’ve just installed UM v2.0.7 and everything is going pretty well. It is good to see the UM team working hard to resolve the issues reported here and releasing regular updates.

    I’ve got my website with Settings > General > Anyone can register switched OFF. Previously, this would force the login page to mydomain.co.uk/login (the UM login page) which is what I expected and wanted to happen.

    Since upgrading to v2.0.6 and then v2.0.7 I’ve noticed that even with ‘Anyone can register’ switched OFF, I can still access wp-login.php. Part of the reason I disabled it was to help prevent spam registrations.

    Can it be fixed in the next version please?

Viewing 8 replies - 1 through 8 (of 8 total)

  • i was told this feature has been DEPRECATED in v 2.0 but you can use ssecurity plugins (itheme security,sucuri security) to disallow access to /wp-admin.php and /wp-admin

    • This reply was modified 6 years, 11 months ago by txpmr.
    Plugin Support calumallison

    (@calumallison)

    Hi,

    We’ve changed how the plugin works and UM registration form now works when “Anyone can register” is turned off so that UM registration works but regular wp registration method is disabled.

    Thanks

    Thread Starter aeonflow

    (@aeonflow)

    @calumallison IF I’ve understood you correctly, what you are saying is that if I register via WP it should efault to the UM registration page?

    I’ve just re-enabled the “Anyone can register” option in Settings > General, logged out, gone back to the wp-login page and clicked “Register”. IT then asked me for a username and password and sent me an e-mail to create a password. I did this and it created a new WP user with the role of “Subscriber”. This user was prevented from accessing the restricted areas within my UM website but I was able to go to mydomain/login and access a UM profile for the user too.

    My view is that both the login and registration pages should default to the UM versions to keep things secure and to take advantage of the elegant styling these pages have in UM. This is how it used to work and I thought it worked very well.

    Either that or I have misunderstood something?

    Thread Starter aeonflow

    (@aeonflow)

    @calumallison To clarify, if I turn the “Anyone can register” option OFF, the option to register as a new user from wp-login.php disappears (as you’d expect).

    My question really is why wp-login.php is still accessible? I want to use the much more elegant and stylish UM login page. Is there a way to default to this (without using a security or 3rd party plugin) like it used to?

    I have to agree with aeonflow. I much prefer that the wp-login.php have the option of being disabled. Like it use to be.

    Yes. Major step backwards. The whole registration and login process is broken

    Plugin Support calumallison

    (@calumallison)

    Hi,

    This setting was removed from plugin as some people were configuring certain settings in the plugin which was causing them to lock themsevles out of the plugin.

    @mpbaweb Can you please contact us via our site:?https://ultimatemember.com/contact/sales/?so we can get more info on the registration and login process broken issues you mention.

    Thanks

    But how do you actually manage to logout?????? I had a menu item which went to the Logout page, but now this just shows as a page and no logout action is actually performed. I cannot log out at all.
    It’s COMPLETELY BROKEN

    • This reply was modified 6 years, 11 months ago by mpbaweb.
Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Access to wp-login.php’ is closed to new replies.