kirstie99

Thanks Shea – that’s great ??

It works on my site, but I’m not using Woocommerce and I know WC can cause issues.

Take a look at this article – it’s about using the plugin with WC and may give you some ideas until the plugin Devs reply on here:

https://websavers.ca/integrating-new-user-approve-wp-plugin-woocommerce

Here you go:

add_action('wpforo_register_form_end', 'nua_registeration_add_redirect_field');
function nua_registeration_add_redirect_field(){?>
<input type="hidden" name="redirect_to" value="https://www.yourexamplewebsite.com/redirected-page/">
<?php
}

Thanks doffine. I’ve just closed it.

I couldn’t agree more with Jonathan.

Jesse, v3 was groundbreaking and an absolutely brilliant plugin – both in terms of concept and ease of use.

Plus I loved the idea of redirecting bots and attackers instantly off my site to somewhere else.

As you advise, I’ll stick with v3 for the moment.

Thanks again ??

From my testing:

1. If someone/bot enters a VALID username and an incorrect password, they are redirected.

2. If someone/bot enters a VALID username, a correct password and an incorrect Authorization code, they are redirected.

3. If someone/bot enters a username that DOESN’T exist and an incorrect password they get the “ERROR: Invalid username. Lost your password?” error message and are NOT redirected.

This seems a little illogical to me. After all, most bots start off by trying to brute force “admin” as a username. As no one with any sense uses admin as a username anyway, this means that the bot will get the error message and continue trying to attack the login page as per the third case above.

So the login hasn’t really been “Stealthed” like in previous versions. Instead, it’s pretty much like we now need 2 passwords to login instead of one.

Surely it makes more sense to “bounce” a bot off our site to somewhere else (thus reducing the load on our site) if the bot uses a username that doesn’t exist or an incorrect password?

Thanks,

Kirstie.