• Resolved mweducator

    (@mweducator)


    Hi Developer,
    Recently I found someone was trying to log in to my WordPress Dashboard through the wpForo login page. Although I have disabled the default wp-admin & wp-login.php, the hacker was trying to get into my WordPress website through the wpForo login page, and when I tested it myself by providing my Administrator username and password in the wpForo login, I was able to get into my complete WordPress website Dashboard. Please fix this issue in the next update by providing a feature so that if you enter your WordPress Admin username & password in the wpForo login, you are not able to explore all of the WordPress Dashboard. You should be limited to a normal Subscriber only, even if you go through the wpForo login as an Administrator.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author gVectors Team

    (@gvectors-team)

    Hi @mweducator,
    If you’ve logged in with your administrator login/pass then you have all accesses to your dashboard. Administrator is always administrator, it doesn’t matter what login form you’ve used to login.

    Please understand that wpForo is a plugin; it doesn’t have its own user and login system. The wpForo login form is the same WordPress login form with a different design. wpForo has nothing to do with your WordPress security and login issues, because all processes of authorization and access to the dashboard are performed by WordPress. And the title of this topic doesn’t have any relation to wpForo either.

    Thread Starter mweducator

    (@mweducator)

    Then in next update you must design a custom login page separately for Forum only keeping in mind that No One should enter into WordPress Website Dashboard. No one means No one not even Administrator if he goes through wp foro login. This is a must security thing according to nowadays trending brute force attack issues everywhere.

    Plugin Author gVectors Team

    (@gvectors-team)

    @mweducator,
    You’re using WordPress. All WordPress plugins are based on the WordPress user and login system. That’s why they are called “plugins”. Plugins are not standalone systems, they are extensions, addons… If you want to have a standalone forum then you should not use a forum plugin, you should use a standalone forum platform like phpBB or MyBB.

    There is no way to have separate login in WordPress, because the login process is the same for WordPress and for WordPress plugins. Because, the users are the same for WordPress and for WordPress plugins. There is no way to separate forum and WordPress users, thus there is no way to have different authorization system. This is just impossible for “plugins”.

    The only solution is installing a new WordPress in some subdomain or subdirectory, install wpForo in that WordPress. So the Dashboard of the forum WordPress will be different Dashboard and the main website WordPress dashboard cannot be accessed by the forum users.

    • This reply was modified 2 years, 11 months ago by gVectors Team.
    Plugin Support gVectors Dev

    (@gvectorsdevs)

    Hi @mweducator,
    wpForo uses the WordPress login/logup system but provides its own form for the login. It is still the WordPress login system, so it doesn’t matter whether you log in from the wpForo form or from the WordPress form. There is only one login system.
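
The replies above say every login form feeds the same WordPress authentication, so brute-force throttling belongs at that layer rather than on one login URL. The following is an added example, not part of the thread and not wpForo or WordPress code: a small must-use plugin built on the core `authenticate`, `wp_login_failed` and `wp_login` hooks. The `ex_` names, the limit of 5 failures and the 15-minute window are assumptions, as is that the forum form signs users in through WordPress's standard authentication functions, as the replies describe.

```php
<?php
/**
 * Plugin Name: Login throttle (added example)
 * Constructed for illustration. Drop into wp-content/mu-plugins/.
 */

const EX_MAX_FAILURES = 5;    // assumed threshold
const EX_LOCK_SECONDS = 900;  // assumed window: 15 minutes

// One counter per client address and submitted login name.
// Assumption: REMOTE_ADDR is the real client. Behind a reverse proxy it is
// the proxy's address, and a trusted forwarded header would be needed instead.
function ex_throttle_key( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_fail_' . md5( $ip . '|' . strtolower( (string) $username ) );
}

// Runs for every credential check, whichever form posted it. Priority 30
// puts it after core's password check (priority 20), so a lockout overrides
// even a correct password while the window is open.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( '' === (string) $username ) {
        return $user; // nothing submitted; let core report the empty field
    }
    $failures = (int) get_transient( ex_throttle_key( $username ) );
    if ( $failures >= EX_MAX_FAILURES ) {
        return new WP_Error(
            'ex_locked',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3 );

// Count each failure. Attempts made during a lockout also fail, so the
// window slides forward for as long as the guessing continues.
add_action( 'wp_login_failed', function ( $username ) {
    $key = ex_throttle_key( $username );
    set_transient( $key, (int) get_transient( $key ) + 1, EX_LOCK_SECONDS );
} );

// Clear the counter on success. A counter keyed on an e-mail address used
// as the login name is not matched here and simply expires.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( ex_throttle_key( $user_login ) );
} );
```

Because the counters live on the authentication hooks, hiding or renaming wp-login.php has no effect on them, and they apply equally to the forum form and the default form.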

    Thread Starter mweducator

    (@mweducator)

    Then one feature that you must provide in the next update is “enable/disable file uploading option for users in the forum”. This is important according to me and some of my friends because some hackers try to upload hacking code through various executable file types. Well, you have provided a way to limit the file extension type while uploading by users, but you have not provided the option if I as an Administrator want discussion only without any type of file attachment.

    Plugin Author gVectors Team

    (@gvectors-team)

    @mweducator,
    The permissions in forums are based on usergroups. You can disable file attachment feature for certain usergroup for each forum individually.

    For example, the usergroup of subscribers is “Registered” by default. And the “Registered” usergroup has “Standard” access to all forums. You just need to edit the “Standard” access in Dashboard > Forums > Settings > Forum Accesses Tab and uncheck/disable the “Can attach file” permission.

    That’s it.

    Please read wpForo Forum Accesses and Usergroups documentation to manage all permissions of your users:

    Thread Starter mweducator

    (@mweducator)

    Yeah, thanks, got it, but it doesn’t have a feature to prevent users from posting a link. In fact the link feature was given to all the users; instead we should have had right to choose which badge user should post link.

    Plugin Author gVectors Team

    (@gvectors-team)

    we should have had right to choose which badge

    @mweducator,
    There are tons of tools to control new users and their content. You just need to read more and be familiar with wpForo before using it. There SHOULD NOT be an option to stop users inserting a link based on their badge. You’re asking something very specific.

    Instead of that, wpForo removes all URLs from posts for users who don’t have a minimum X number of approved posts. For example, if your newly registered user doesn’t have 3 approved posts, his/her links will be removed automatically. You just need to set that X number of posts limit in Dashboard > Forums > Tools > Antispam Tab:

    Even more, all new posts can be set unapproved for certain usergroup or for new registered users. The unapproved posts are only visible for administrators, so you can check and approve them manually. Please continue reading and understanding how wpForo antispam control works. Here are good links:

    P.S. You’re getting off-topic, please open new topics if you have further questions. The best way to get support is registering at wpForo Support forum: https://wpforo.com/community/

  • The topic ‘Version Not Safe against Brute Force Attack’ is closed to new replies.