Security and accessibility issues

  • First the good: WPForms was easy to figure out and set up, though the settings area was not as intuitive as I would have liked. I got the pro version to have user-submitted posts and site registration. Support was prompt but there wasn’t a lot they could do for the issues I had.

    The issues: First, I wanted my users to be able to approve their own accounts using email verification. WPForms sent plaintext emails to the user containing their password, which was a huge security problem if they happened to choose their go-to password for my site. It should never send passwords unencrypted. The workaround I found (support didn’t suggest this) was to have the site autogenerate a complex password, which users then had to log in and change. It seemed simple enough, but a fair number of users couldn’t get through the process, so I lost customers who only got halfway through their sign-up.

    Then I discovered that the user-submitted-post forms I put together could not be navigated by disabled users who use a keyboard for everything. The tab will not take you to checkboxes or radio buttons. The workaround support suggested was to create a text-area-only form for keyboard-only users, which I did temporarily. It was an awful message to send to disabled users, and it created more work for me because it didn’t autopopulate my site. That’s when I started shopping for another forms company.

    tl:dr – big security flaw, poor accessibility for disabled customers.

    • This topic was modified 3 years, 11 months ago by stormborn412.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Ethan Choi

    (@ethanchoi)

    Hey @stormborn412,

    Thank you for sharing your honest feedback – we really appreciate it!

    I’m sorry that we may not have the ideal solution for now, though we’ve noted your suggestions for our team’s review for future development planning.

    In the meantime, if you’d like to hide the password in the email that is sent our when a user registers, you can consider using some custom code to change the user email. If this was not an option that was shared with you previously, I apologize for the oversight!

    In case it helps, here’s our tutorial with the most common ways to add custom code like this.

    For the most beginner-friendly option in that tutorial, I’d recommend using the Code Snippets plugin.

    Hope this helps!

    And if ever you’d like more help with using WPForms, please feel welcome to reach out. As a paid license holder, you have access to our email support when you submit a support ticket though the WPForms account dashboard.

    Have a good one ??

    • This reply was modified 3 years, 10 months ago by Ethan Choi.
    Thread Starter stormborn412

    (@stormborn412)

    Ethan, thank you for the kind response.

    I have not had success adding custom coding workarounds, even with tutorials, so when support offered it, I did not consider it a solution for me. That’s not your fault of course, and I’m sorry if I misrepresented your Support. It’s just not good that by default, a certain number of non-techy users like me will breach password security without realizing.

    I’m more concerned that accessibility for disabled users is on a future development list. It is a must-have.

    Again, thank you for your grace and patience.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security and accessibility issues’ is closed to new replies.