Password recovery shows site URL

  • Resolved rbmusica

    (@rbmusica)


    3 months ago

    Hi, when a woocommerce user recover the password, the wordpress login page URL is shown. That is a bit defeating the purpose of the plugin hiding the real wordpress login url.

    Is it possible to setup the recovery password URL for woocommerce users different from wordpress users? WordPress users already know the real login URL, so they are recovering the password from the real login URL, no problem in showing the real URL to them, but woocommerce users are in a completely different category.

    Thanks for your support, other than this minor “bug”, the plugin works perfectly!

    • This topic was modified 3 months ago by rbmusica.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    Thanks for using WPS Hide Login.

    WPS Hide Login hides wp-login.php and redirects this slug and wp-admin to 404.

    If your visitors are able to reach the login page, the plugin is useless.

    Thread Starter rbmusica

    (@rbmusica)

    Hi, thanks for your reply. What you say would be true if wordpress members and woocommerce customers would use the same login page, but they don’t.

    Woocommerce customers are not in the same class as WP members, and customers don’t see and don’t use the standard wordpress login page in the scenario I’m building, so if they are not aware of the real wordpress login URL it would be impossible for them to find out the wordpress login page, or to find out that there is an underlying wordpress install.

    When they recover the password, however, the real wordpress login page URL is exposed. I will try to do this in the next few days

    function reset_pass_url() {
        $siteURL = get_option('siteurl');
        return "{$siteURL}/mycustomfileCOPIEDFROMwp-login.php?action=lostpassword";
    }
    add_filter( 'lostpassword_url', 'reset_pass_url', 11, 0 );

    Do you think it will play nicely with WPS Hide Login?

    Thanks for your help, kind regards.

    Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    The plugin hides the login page to stop brute force attacks.

    These attacks can occure by the wp-login page or the Woocommerce login page. If one of these pages is public, WPS Hide Login is useless. I doesn’t serve to hide a login page from non-administrators users.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.