Custom login page – Login Security

[Dennis]

The login security doesnt seem to work at all when using a custom login page.

Anyone else have issues with this, or tips on how to get it to work?

[AITpro Admin]

http://forum.ait-pro.com/forums/topic/login-security-login-monitoring-read-me-first/#post-9030

If you have a custom login page that is hooking into the normal WordPress login process.  Example:  The Form Action is pointing to action=wp-login.php, then no matter where the custom login page is it should still be processed successfully, but if you are doing additional things that do not allow normal/standard login form processing then these things would be what is preventing login form processing.

Are you using another Login plugin or have you created the custom login page yourself? If you are using a Login plugin then please post the name of that plugin.

[Dennis]

I’m not using another login plugin. It’s a custom login page which uses wp_signon.

[AITpro Admin]

Are you doing something like this?  Offhand/at first glance probably what would need to be done in BPS is to add a hook (action or filter) or shortcode.  I would have to look into this further/in more depth to be able to determine the best approach.  At this point I don’t see an easy way to hook into the BPS Login Security Form processing.  Will post back here once we can look at this and test some things out.

http://codex.wordpress.org/Function_Reference/wp_signon

function custom_login() {
$creds = array();
$creds['user_login'] = 'example';
$creds['user_password'] = 'plaintextpw';
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error($user) )
echo $user->get_error_message();
}
// run it before the headers and cookies are sent
add_action( 'after_setup_theme', 'custom_login' );

[Dennis]

Yes, that’s how I use the function.

It would be a good feature to add, since many use custom forms for both login and registration. I suppose you were aware of this issue before? Keep us posted!

[AITpro Admin]

Do you allow anyone else to login, register, sign up or comment on this website?  If you are the only person who logs into the site then you can either protect your custom login page with either an IP address based security method or the simple query string method shown in the link below.

http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

Nope, we have never looked at this before and have never been contacted about this before, but yes I agree it would be a very nice NEW feature to add to BPS.  Thanks for the idea.  🙂

[Dennis]

The website in question is currently on stage, and not live. I wanted to make sure once it goes live that it would not be vulnerable to attacks. It’s a community website, so that query wouldnt work very well. I suppose I have to resort to using the wp-login in the meantime.

[AITpro Admin]

What you could do for now is customize the wp-login page to get it looking exactly the way you want it to look visually.  WordPress makes this very simple and easy to do with hooks.

http://forum.ait-pro.com/forums/topic/customize-your-wordpress-login-page-customize-wp-login-php/

We will be testing wp_signon on either Saturday or Sunday so if a hook or shortcode addition is fairly simple then we will post that code here so that you can make the modification to your current version of BPS and then this would be standard code in all future versions of BPS.

 

[AITpro Admin]

Ok after looking at this and playing around with it we will not be moving forward with adding this to BPS.  The reason for that is it would be a “reinventing the wheel” type of thing.  We would have to create excessive and unuseful coding work just to make this work smoothly.  The smarter approach is just to customize the wp-login.php page.

[Alex Laxton]

Checkout their login access file and get all things at a glance where it looks visually good and secure.

[Author]

Posts