Conflict with iThemes Security

  • I’m a fan of Theme My Login. Also a fan of iThemes Security.

    iThemes Security has a couple of user related options: enforce strong passwords and force unique nicknames (found under WordPress Tweaks).

    The issue appears to be with force unique nicknames.

    With my TML configuration, when using TML to register, it creates new pending user account with login name the same as nickname. When admin approves, it sends email to user with link to resetpass. This is where there is a conflict.

    The Force Unique Nickname setting requires nickname change on password change if login name and nickname are the same. Resetpass is not aware of force unique nickname, so only passes new password back for validation. Validation fails due to force unique nickname setting.

    TML interprets the failure as password not meeting strong password requirements, so presents misleading error.

    I realize that this isn’t a problem with TML, but an interaction between TML and iThemes and force unique nickname. I do appreciate the added security and privacy of forcing a unique nickname.

    I’m posting this that it might help others who encounter this and to suggest a feature request that I think would address this.

    My current temporary solution is to disable iTheme’s force unique nickname setting. That resolved the issue with resetpass failing.

    For a longer term solution, I plan on creating a custom solution via theme-my-login-custom.php.

    Feature Request:

    Option 1: Add to registration form
    Since nickname is a required WP user field, could the field be added to TML registration page? I would assume that you could add a setting on whether to force unique nickname in TML settings and, if set, then do a check on TML register page if field value for user name != field value for nickname.

    Option 2: Add to resetpass form
    Since password reset triggers nickname reset if nickname not unique, then providing field to change nickname here would also work. I haven’t traced the exact error return, so don’t know if it is different from strong password error. But assume that you could could put a check in for this field by passing current nickname (if not unique) in data tag.

    Thanks for considering

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    How does this work when using wp-login.php?

    Thread Starter timjeenyus

    (@timjeenyus)

    My default WP config is that users can’t register via wp-login.php. I’m using Theme My Login to handle registration.

    If I turn on enforce unique nickname and users can’t register, the Admin must create new user and is required to provide First and Last names. Nickname is then created as first name + last name.

    If username and nickname are not unique (i.e. both are jane doe), then on 1st login, user is required to change nickname.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Conflict with iThemes Security’ is closed to new replies.