Security Risk in login page

  • Resolved Ian MP

    (@ianmp)


    4 years, 6 months ago

    Hello,

    While testing Cluevo, I found a security risk in the standard login page. If a user clicks on the “Login” button without entering either a username or password, cluevo dumps you out to the underlying standard WordPress environment login page, which is NOT where you want users to go, especially if you use (as I do) a hidden login page as this action exposes that page to public access.

    Is there a way to bypass Cluevo’s standard login page so that we can direct users to our own custom page with built-in redirect on acceptance / error?

    Regards from Ireland

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author CLUEVO

    (@cluevo)

    Hello ianmp,

    we’ll have a setting to disable the cluevo login page in the next update, if we can fit it in we’ll let you define your own login page so we can just redirect you there.

    [ Signature deleted ]

    • This reply was modified 4 years, 4 months ago by Jan Dembowski.
    Plugin Author CLUEVO

    (@cluevo)

    Sorry, this took a bit longer than expected, but we’ve just released the 1.5.0 version of the plugin. This lets you enable/disable the cluevo login page. You can also select a WordPress page of your choice to act as the login page.

    I’m closing this for now, feel free to pen another issue.

    [ Signature deleted ]

    • This reply was modified 4 years, 4 months ago by Jan Dembowski.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security Risk in login page’ is closed to new replies.