Password unlock reveals admin hidden url to customers

  • Resolved RTton

    (@rtton)


    7 years, 4 months ago

    Hi,

    Very nice plugin, but when the “unlock request” feature is turned on when using woocommerce, then regular customers who log in through the https://www.website.com/my-account page have the the admins hidden url revealed to them via email if they password reset.

    So to be clear, if a customer who logs in to their account through https://www.website.com/my-account is locked out, when they request a password reset, the account unlock email sent to them will redirect them to the hidden url for the website.

    The hope or thought would be to have the unlock email sent to customers redirect them to https://www.website.com/my-account instead of the hidden url.

    This may be somewhat confusing to customers and also exposes the hidden url. Is there a way to redirect these customers to the correct /my-account page if they do a password reset?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, the plugin developers will investigate further your issue.

    Thank you

    Did the developers look into this one? I’ve seen other threads mentioning this secret url reveal.

    If the developers are not really interested in this issue, do you think there is a way we can redirect the password reset to https://www.website.com/my-account?

    I actually an acquainted with RTton and had this issue as well. With Woocommerce any subscriber, customer etc. usually use https://www.website.com/my-account as the login page so it would help us solve the problem to just redirect them to that page after a password reset.

    Mbrsolution I see you active answering lots of posts though, good job to you regardless.

    Thanks

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @jkmaynard, thank you for your kind words.

    Unfortunately at present that is how this feature works in the plugin, until the developers decide to implement some other function if it is possible. In some cases I have suggested people to use a membership plugin to manage their members and leave the admin to only admin users.

    Unfortunately that is the best solution I can provide for now.

    Kind regards

    Plugin Contributor wpsolutions

    (@wpsolutions)

    I will take a look at the woocommerce hooks to see if anything can done using those.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @jkmaynard and @rtton,
    I’ve implemented a solution which I think will solve your issue.

    Can you please contact me via my website contact form (see my profile) if you wish to independently try it out to confirm it works as expected?

    • This reply was modified 6 years, 10 months ago by wpsolutions.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Password unlock reveals admin hidden url to customers’ is closed to new replies.