• Resolved thecatim

    (@thecatim)


    My site gets a lot of attack attempts, and I see scammers mostly navigate to Foro's lost password page. This is OK, as I do not use any of the default users that they try; however, after they enter a user email on the following page, that redirects to my WordPress login, whose URL I have changed and hidden… so Foro displays what I have hidden in the URL?

    Here is my default setting; however, I cannot find a way to redirect after the user name entry page.

    I have tried the redirects in the member’s section but this replaces the Foro user enter page?

    See my settings here:
    https://drive.google.com/file/d/18FGnQuHhw7s4xsqXtDb2ZbqZWwICCZXz/view?usp=drivesdk

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support gVectors Dev

    (@gvectorsdevs)

    Hi @thecatim,
    You can set wpForo Login, Registration pages for your website, from Dashboard > Forums > Settings > Features Tab:

    Replace Registration Page URL to Forum Registration Page URL
    Replace Login Page URL to Forum Login Page URL
    Replace Reset Password Page URL to Forum Reset Password Page URL

    Thread Starter thecatim

    (@thecatim)

    Thank you for the suggestions that I have received, but they do not work for my issue, as you have misunderstood my issue, and unfortunately your plugin poses a grave security risk to any website.

    I just wanted to say that I am grateful that I can use your plugin in the free basic model, as it has great features; however, IT security attacks have become very sophisticated since you would have first created your plugin, and you have not updated the security to where it should be. Please take my criticism only as constructive, as I urge you to take my advice into consideration, as we would love to keep using it and buy some of your extension plugins when we can get it in a stable, secure mode.

    The problem that I have:
    I separated the user login between WordPress and Foro and with other plugins I have obscured my WordPress URL for exclusive internal use and knowledge.
    Foro after password should present the Foro password screen (not my WordPress) and then redirect to a custom thank you page.
    The settings you mentioned did not do this, and from reading the help, it will redirect my WordPress URL to Foro, making it highly insecure (we have an obscured URL and Wordfence guarding our WordPress URL, so we do not want to compromise this).

    Here are some recommendations I have:
    Security of plugins is directly related to your plugin sales so take this very seriously as you will see plugins under great scrutiny in the news.
    Have one single tab with all security settings duplicated there so I do not miss any when reviewing it.
    Provide a search inside the plugin for settings, as your settings are hard to find… a great example is a plugin called Ajax search bar.
    Have better help that is very concise on security.
    Have a single page that is very up to date on all security. Microsoft has this, as an example.
    There are toolkits available to get around your gotcha2.0, so this setting you have is not helping, even though we disabled xml-rpc access.
    Consider all the security tips that you can offer your users, such as: user account sync between Foro and WordPress is very severe if it defaults to on. Security risks should default to off on installation, as opposed to showcasing your features.

    I develop websites for other organizations and use your plugin for them, and those suffer almost no attacks… Because we [link removed by moderator – please do not spam] develop embedded solutions for other companies, we have severe attacks that try to get access to our systems so they can embed their attack code into our systems… I strongly urge you to understand my concerns well and speedily act on them.

  • The topic ‘Lost password redirect’ is closed to new replies.