WooCommerce integration shortcode redirect

  • Resolved DB

    (@destructiveburn)


    1 year, 3 months ago

    Hello, I love the idea for adding WooCommerce intergration but I have one thing I do not like about the 2FA management shortcode part of it. When you enable it and it’s on the my-account page, and someone not logged in clicks on that page, it ends up bring you to the backend login page which I have hidden. It defeats the purpose of having that login hidden. This should all be done on the “my-account” page and not the backend login.

    Can you fix this redirect. Currently I have two options.
    1. disable the entire option to have “WooCommerce integration” (my option currently)
    2. Dont even bother hiding the backend login.

    I rather leave the backend login to me and everyone else use “my-account” page.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter DB

    (@destructiveburn)

    Hello? No response?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @destructiveburn, thanks for highlighting your observations.

    Please note that you might be able to avoid the shortcode in your case if the two options above in Login Security are checked. The /my-account page should be covered by the Show Wordfence 2FA menu on WooCommerce Account page option.

    This option is not necessary for sites where users can see the “Login Security” menu when using wp-admin/ or when using the separate option to show the 2FA menu on the WooCommerce account page.

    https://www.wordfence.com/help/login-security/#enable-2fa-management-shortcode

    However, if you are using a custom page so using the shortcode is unavoidable, I’ll mention the behavior you’re seeing to the team as a consideration during future development updates.

    Although it is something that many people swear by, and can help a little in certain situations, we don’t find hiding the login URL to be particularly beneficial. Over half of all login attempts that are made on WordPress sites are made via xmlrpc.php. Blocking this, requiring 2FA with authentication requests using XML-RPC on the Login Security > Settings page, and enabling 2FA for your administrative users should provide a solid level of security with a default login path.

    Thanks,
    Peter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WooCommerce integration shortcode redirect’ is closed to new replies.