• Resolved supervinnie41

    (@supervinnie41)


    Hello,

    I’ve been using your plugin for a while now and it works great. The only information I’m missing is which form is used to log in. I have a shop and I would like to know if they use the form on the frontend, or use the wp-login (backend) form.

    I haven’t been able to find that information yet.

    Regards.

Viewing 5 replies - 1 through 5 (of 5 total)
  • nlpro

    (@nlpro)

    Hi @supervinnie41,

    The features that affect login are applied on the backend login form.

    +++ To prevent any confusion, I’m not SolidWP +++

    Thread Starter supervinnie41

    (@supervinnie41)

    I did not know that. But good to know! Thank you for the answer.
    I would think that bots also use the frontend login form, so maybe there is a setting or something that makes sure that these logins are also monitored for increased security?

    nlpro

    (@nlpro)

    Hi @supervinnie41,

    I may have been a little premature with my first response to your question. I think we need to distinguish between SolSec plugin login features that:

    • affect the login form display
    • affect the actual submit of the login form (authentication)
    • affect both of the above

    Usually the WordPress Core wp_login_form() function is used to display a frontend login form. A global (automated) search through the SolSec plugin code reveals that it hooks into none of the 4 filters included in this function!

    So let me rephrase my previous response. If the plugin login feature is supposed to alter the display of the login form then you will probably not see the changes in the frontend login form. That said, if the plugin login feature is supposed to affect the authentication (submit of the login form) then the feature will probably work, provided that the standard WordPress login/authentication form action is executed. This seems to be the case with login forms rendered by the WordPress Core wp_login_form() function.

    (Standard WordPress login/authentication form action = POST request of wp-login.php).

    Furthermore I don’t think you need to worry about brute force attacks. These usually happen (automated) using the WordPress Core wp-login.php and/or xmlrpc.php files directly.

    • This reply was modified 1 week ago by nlpro.

    Hi @supervinnie41,

    I have actually performed some tests (using a frontend login form rendered by the WordPress Core wp_login_form() function) and the test results confirm what I said in my previous post.

    If you require no further assistance please mark this topic as ‘Resolved’.

    Thread Starter supervinnie41

    (@supervinnie41)

    Thanks for all the extra information. I wanted to do some more testing myself before replying, but it didn’t really go as I planned ;-).

    My motivation is that I get quite a fair few e-mails that a host/user has been locked out due to too many attempts (200+ a day). The mails are good, because it shows me how many try to get into my backend. But I have been trying to make it more difficult for them. But that hasn’t worked yet.

    This made me wonder if they are abusing the wp-login form, or if they are using the frontend login on the webshop. I kinda suspect they are using both, but it seems I only get e-mail warnings from the plugin regarding the backend login form.

    With this knowledge my next goal will be to try to get those mails down to just a few.

    Thanks for sharing the information.
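Added example, not part of the thread and not the plugin's own code: one way to see which login surface the attempts actually hit is to count POST requests per endpoint in the web server access log. It assumes Combined Log Format and a hypothetical frontend login path `/my-account/`; the log lines are constructed samples.

```python
import re
from collections import Counter

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Assumption: the shop's own frontend login handler lives under this path; adjust per site.
FRONTEND_LOGIN_PREFIX = "/my-account/"

def classify(path, referer):
    """Map one POST request to the login surface it hit, or None if unrelated."""
    path = path.split("?", 1)[0]
    if path.endswith("/xmlrpc.php"):
        return "xmlrpc.php"
    if path.endswith("/wp-login.php"):
        # wp_login_form() forms also POST here; Referer is client-supplied, so only a hint.
        if referer in ("", "-") or "wp-login.php" in referer:
            return "wp-login.php (direct)"
        return "wp-login.php (form on another page)"
    if path.startswith(FRONTEND_LOGIN_PREFIX):
        return "frontend form handler"
    return None

def summarize(lines):
    """Return (POSTs per surface, POSTs per (surface, client IP))."""
    by_surface, by_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        surface = classify(m["path"], m["referer"])
        if surface:
            by_surface[surface] += 1
            by_ip[(surface, m["ip"])] += 1
    return by_surface, by_ip

# Constructed sample lines (documentation IP ranges, example.com), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "python-requests/2.31"',
    '198.51.100.9 - - [10/Mar/2025:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"',
    '192.0.2.44 - - [10/Mar/2025:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/shop-login/" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Mar/2025:10:02:00 +0000] "POST /my-account/ HTTP/1.1" 200 9000 "https://example.com/my-account/" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Mar/2025:10:02:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    print(summarize(SAMPLE)[0])
```

Comparing these per-surface counts with the lockout e-mails shows whether attempts arrive on an endpoint that is not being reported.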
