hampalm1

That just makes the tool unusable Hristo. I recently did a bulk compression and the duplicates took up 90% of my disc space and I was receiving alerts to upgrade my disc space with Siteground. Siteground is already expensive and there are reputed compression plugins out there that cost little or are even free like Smush. None of them eat up space on your server. So this doesn’t seem like a customer friendly solution to me

Ah, that sounds cool
I’m not very experienced with editing the database but i think I could do this. Thanks for the advice

Ah, actually the theme has paid Memberships Pro built in to it, so it seems like the simple memberships plugin maybe similar. The popup still raises questions, I think for this level of security to work, I need to remove the popop but I will have a think about this.
Thanks for all your time and advice

Thanks for the explanation that makes a lot of sense and that’s exactly what I experienced recently. I now use complex passwords and pay full attention to wordfence (-; which was alerting me before but I ignored it and I use wordfence 2FA for my account (Not sure how much good that really does to secure the dashboard from anyone not using my account details). Like you say there is only so much you can do, so I think I will just keep an eye on things but you have given me food for thought. That plugin sounds like a great solution but if I understand it correctly, I think it would actually make a memberships site unusable because if you were to change the url every time someone logged in users would never know where to go to login. Would that be a correct understanding of how the plugin works ?

OK, I might have to have a think through this. If I am leaving myself open to attack I’m not sure what the best solution is because as a memberships site, its essential to have a registration / login page all memberships sites have one. I could set the popup to redirect registrations and logins to the login page but I dont think that resolves the issues does it because this is just backdoor access to the encrypted login page. I dont really know what brute force attacks are but I do know wordfence alerts you of them, is that security enough or does it not enable you to stop them if they are using a VPN ?

The login link goes to my login page, the admin link goes to the front end of my website unless you take the php bit off the end and then it redirects to my login page. However, they don’t need to go to this page to register. They can register on the front end through the popup. The popup doesn’t redirect them to the login page, although it could be adapted to do that.

Let me clarify I have this right. My understanding is you are saying this plugin allows me to customise the url of the login page, meaning it can’t be found unless you use that url or at least this plugin secures the standard login page in some way which is great however, what I’m saying is if someone wants to get in to the site and cant get in via the standard login page they can just go through the registration on the popup, so if my understanding is correct the plugin becomes redundant. Does that make sense ?

I have a login modal popup on the front-end my site is a membership site, so every time someone signs up they are emailed a link to the login page even if the emails work there people will still receive the name of the page and as I say they can login on the front end anyway. So does this defeat the objective of this plugin ?

Interesting. Would that stop the site sending emails though as that was my initial issue. Because of the 2FA was preventing my email plugin from automatically authentication, that was my initial enquiry or are you saying the solution is to use All in one security because the plugin will not need 2FA to work only human beings trying to login will require 2FA ?

Also, its not the end of the world but if it renames the login page, does this mean I will lose the current branded login page or is it just a different url leading to the standard admin sign-on page

Kind regards

Thanks that sort of answers part of my question but what I really want to know is if the user has a choice of 2FA e.g. SMS or can they only use an authentication app ? Also I just tested setting myself up as a subscriber and I wasnt given the option to set up 2FA, so I have I done something wrong in terms of configuring wordfence to give users the option you refer to ?
Thanks

Haha what gave it away (-;

Thanks for getting back to me, we managed to resolve it, the problem was ironically 2 factor authentication. So to use this plugin and others ironically you need to turn 2FA off, thus defeating the object of increased security and i was recently hacked, so I’m pretty careful about this stuff now. However, I have wordfence installed and am now using a complex password, so for the time being hopefully that is sufficient but if you have any other advice about this I would be interested.

Kind regards

Andrew

I totally agree with everything you say however, there were reasons for these questions that I may not have made clear.

I have an authenticator app and use it for 2FA with Wordfence using it for me and other admins makes sense. I would like everybody who registers to my site to use 2FA of some kind even subscribers as my site is a memberships marketing directory. Subscribers are buyers and sellers and bloggers. So my question is if I set all user roles to have 2FA and given the option of what method they use or if I can select the method for different roles ? I just don’t want to make it such a challenge for customers to use my service that it puts them off ?

Thanks for the advice on Google captcha. Not sure what I did wrong before as I isued the copy function on the recaptcha site, the same as I just did but it worked this time, so thats great.