When I used this plugin, I received a warning that my password was compromised. However, when I checked the site https://haveibeenpwned.com/ that appears in the link in the warning message, there was no actual leak.
I guess this is because OTP is treated as password.
Below is the warning text(by Wordefence
WARNING: Your login has been allowed because you have previously logged in from the same IP, but you will be blocked if your IP changes. The password you are using exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please change your password. Learn More
]]>Hi,
The browser will recognize the OTP input field as a password field and will ask you to update your registered username and password each time you log in. This is very annoying.
]]>Activation of Version:?2.0.25 on woocommerce site Version 9.3.3 causes a failure on checkout on free products. There are no error messages beyond the transaction failed and sometimes logging the user out of the site. As soon as I disabled this plugin the issue went away and I was able to sell 0.00 items.
]]>Hi.
Is this plugin compatible with “WP Everest User Registration”?
Hi, thanks for this plugin.
I discovered a missing translation variable for “Verify your email first!”, see screenshot. Loco Translate cant translate it.
]]>Hello,
I was setting up the plugin and testing to see if the email verification worked when I noticed there is no option in the plugin to edit the “verification in progress” popup.
I was wondering how can I edit it, translate it and much more.
]]>Hi, I have a custom registration page and would like to know if I can point your plugin to it?? Any hook/filter/function that I can point to my page???
]]>Hi,
i’m not able to login with my woocommerce login with this error– An invalid form control with name=’password’ is not focusable.
if i try wp-admin loin it working well.
Please help me to fix this error.
thank you
]]>I just set up the plugin and it seems to work well except for one thing:
If I have reCaptcha enabled for the registration page, it does not work, saying the user field is empty, even though it is not.
I am using reCaptcha v3. Any workaround for this?
]]>Hi, I was wondering if your plugin is compatible with Classifier plugin?
]]>Hello!
Everything was working fine but suddenly the link in the email to verify the account stopped working, could this be because I have to update some plugins?
Thank you!
I installed it then try to register as a nee user but didn’t get the email verification email… please advise how.
]]>Hello, please which plugin is compatible with this plugin for users login OTP or to show field where users can enter email to receive OTP? I used paid membership pro plugin as users login page, but when I opened the login page it won’t ask to enter email to receive OTP instead it will prevent users from logging, when they filled their login credentials and hit login button they will still return to the login page. Please help on resolving this issues. Thank you for your assistance.
]]>Hi all,
I am using the plugin with WordPress 6.5.4. I have enabled the email verification as well as the recaptcha feature.
The email feature is working fine, I haven’t found issues so far. I got issues when enabling the recaptcha feature. I enabled it “on default registration page” and since then, the registration fails with. The problem is, that I get the error, that the username and password is empty and I get redirected back to the login.
Unfortunately, the upload of photos does not work. Here are two screenshots: https://ibb.co/hMCCTdK https://ibb.co/Vp3W8Kx
Thank you very much for the support!
BR, Andreas
]]>Hello, The plugin sends an OTP to unverified user.
Steps to reproduce:
1. Configure plugin to send user verification email.
2. Enable email OTP based login.
3. Create a new user but dont click on the confirmation email.
4. Goto login page, and enter the same email which you used above.
5. The plugin will send an OTP to the unverified email.
6. If the OTP is entered an error message is displayed: Incorrect username/password
Expected behavior:
The plugin should not send an OTP to unverified email address.
We activated User Verification in an attempt to stop ongoing spam user registrations. Accounts are still being created, and I understand now this plugin allows the account creation but prevents login until verified. So, We could use the Delete Unverified function but I need some clarification because we have many existing users.
Under Tools: Delete unverified users
Will this delete any existing users? They have never verified their email addresses. In the dashboard they are listed as “Old user”
Existing user as verified
Why is this NOT recommended?
Mark all existing user as verified. (*Not Recommended)
Finally, we run a WordPress Multisite network. Will this delete the user at the network level, or only remove them from the subsite?
]]>On the config page for this plugin is a setting called “Existing user as verified interval” which gives me the option of a bunch of time periods from 10 minutes to weekly.
What does this do?
]]>Hello, I like the plugin, but I am facing a problem that every day a user from outlook is being adding like pending. The user is xtw18387+02 and change the numbers with @outlook.com. Is this plugin because I deactivated every plugin and made test.
]]>I don’t want to force the user to verify email first to login the site. My website works in such a way that after logging in, if the user verify email, then will get additional features. Is it possible if the user is does not verify email, then not receive the “email not verified error message” and have a successful login or register?
]]>Firstly, love this plugin. And love the fact it’s actively supported. Kudos.
I discovered an issue by chance just now. I had a stack of spam registrations (I’m not sure how but I’ll look into that further) and of course they are all unverified, which is expected.
The Problem
I have the setting enabled to Delete unverified users with a 360 delay, once daily. But I wanted to delete them all now, so I resorted to the trusty Cronjob Scheduler plugin which I often use for debugging and testing during development. I found the cron action called user_verification_delete_unverified_user which I am pretty certain is instigated by your plugin. The problem is that when I manually trigger the action, I see my users count go down, so some unverified users must be getting deleted, but I also still see a stack of unverified users that didn’t get deleted.
Am I misunderstanding something? Or is this a bug?
PS: Any chance we can have an Unverified view in the users page like this mockup?
User Verification 2.0.24 is unfortunately conflicting with WooCommerce 8.9.1. After installing, Woocommerce shop settings blanked out and drop-down options disappeared. They returned right after I deactivated User Verification. Hopefully this can be rectified since I’d like to use it in conjunction with WooCommerce. Thanks!
]]>The plugin has great features.
However, the OTP is clearly visible in the network data thus presents a security loophole / backdoor to hackers.
Big vulnerability. Hope its not deliberate.
Hello,
when the user receives the email verification and after clicking verification it receives another email how I can stop sending the second email?
Best Regards,
]]>Existing user cannot log in while plugin is enabled.
It works fine for new registrations/sign ups. I’ve had to disable this plugin.
Any thoughts on as to why this happens to existing users ?
Thanks!
]]>Hi,
I’ve been trying different methods to verify an user… but now when I deactivate/uninstall the user verification plugin I still receive the email with the subject “Verify your account” with the content “
Almost done! please click the following link to verify your account
With WP Email Logging in the JSON It is displayed that the cause of the mail is User Verification Plugin… Even when I uninstall the plugin I receive that email when I register as a normal user.
I’d be grateful if you can help me, thank you.
]]>This seems to be a useful plugin! I have a membership site with user profiles, etc. Does this trigger every single time a user logs in, or does it stop once the email has been verified? If they’re logging in multiple times a day or every day, I wouldn’t want them to have to verify their email each time.
Thanks.
]]>Hi,
Some months ago I’m using user verification plugin and it was working correctly but now in the 6.4.2 WordPress Version I realized that it wasn’t sending any verification to the users when they got registered, I tried to send the verification manually in the users panel admin but that didn’t work either, it appears the next error. (The wp debug is enable but it doesn’t appear any error)
Thanks
]]>I am using MemberPress plugin and Nextend social connect to signup. I want my email verified when using Nextend Social Connect.
I have tried the following solution, but it didn’t work.
// Hook to run after user registration
add_action(‘nsl_register_new_user’, ‘auto_verify_user’, 10, 1);
function auto_verify_user($user_id) {
// Mark the user as verified
update_user_meta($user_id, ‘user_activation_status’, 1);
}
// Disable the email verification
add_filter(‘user_verification_email_templates_data’, ‘disable_email_verification’, 10, 1);
function disable_email_verification($email_templates_data) {
// Disable the email_resend_key template
if (isset($email_templates_data[’email_resend_key’])) {
$email_templates_data[’email_resend_key’][‘enable’] = ‘no’;
}
return $email_templates_data;
}
Please help.
Thanks.
]]>Hi..
Although email verification is enabled ..in a recent attack these last 2 days I got bulk registration of spam users as subscribers.
Maybe it is the way the plugin works ..allowing users to register, without allowing them to login until they verify their email address.
Is it?
Spooky thing is that these users appear in users list.
I just wanted to ask if it is safe for the plugin to work this way – for users to be able to register but not login until verification – or there is a backdoor somewhere.
Kind thanks
]]>Hi,
I have rolled back to version 2.0.19 to use Woocommerce OTP
On login screen after send OTP if an user clicks on login button without entering the OTP, the error message shown is
- Error: The password field is empty.
Ideally, it should show the error as
Error: OTP should not empty.
Please guide / fix.
Thanks
P.S. You can test at https://pptest1.instawp.xyz/my-account/ and use the email ID as [email protected]
]]>