radiok

Unfortunately, there is, as yet, no way to natively embed the registration form into a page from within Register Plus Redux. Other users have had varying success with different implementations, but the general consensus is epic fail. I’ve looked into shortcode in the past, and it’s an idea I kick around from time to time, but I haven’t really had the time to invest in this feature.

? I assume this was put into the wrong forum by accident.

Your registration page, https://www.singaporehometutors.com/wp-login.php?action=register, looks ok to me aside from the fact that you haven’t defined any options for “Qualification”.

If you switch to stock theme, such as Twenty Fourteen, are you still having the same appearance issues?

What theme are you using?

No offense taken, but I still wouldn’t blame any particular plugin. The spammers are out there hunting us all down regardless of what we implement on our sites. I think what you are seeing is that the spam software being used to work around WP-reCAPTCHA (which is my personal pick as a captcha plugin) generally fills out all other fields with random two letter combos. You can change your captcha but you’ll still be getting attacked regularly, you just need to determine the best solution for you. Again, the solution I’ve provided MAY slow down your spam rate for a small amount of time, but it’s only a matter of time until the spam software interprets text based questions and figured out how to answer them.

What makes you think the plugin is causing these users to appear? I think you are just getting spammed, period. (Sidenote: I should revise my recommendations about captcha, I’m finding it less and less usefully daily. Spammers OCR is getting incredibly good.)

Here is my current spam solution. I still get the odd spammy user, but this cut things down a bit.

View post on imgur.com

Try that out and tell me what you think of the results.

This is a poorly documented feature, I agree. Regardless you would get to it using a WP_User object. If you added a custom field gender, you can access that property on the WP_User using the following syntax. $user->gender

To not store the password in user_meta, you must not allow user set passwords.

I did, recently have the beginning of an idea. Perhaps I could reverse engineer how WordPress will ultimately hash the password and store that hash in user_meta then move that hash to the appropriate location after the user is activated… It’s something to consider.

I’ve addressed this quite a few times, but I’ll do it again. Passwords could be encrypted, but they cannot be hashed because we need to restore that password after the user is activated. The simple solution is not to allow user defined passwords. You may say, well, regardless, why not encrypt it? Well, it’s a trivial task, certainly, but… If your usermeta table is compromised, you have a bigger problem than a few user passwords being exposed, especially considering after the user activates that meta data is dropped, so this is only a temporary placement of sensitive data. Again, if back-end data access is obtained, this will most likely be the least of you problems. And, honestly, what’s the point, anyone with the skill to get this data could EASILY decrypt it. My encryption method would be in the Register Plus Redux PHP files which are open source and freely available. And finally, they cannot login with this information as these users are inherently unactivated. Therefore this is a bit of a long con. They have to sit on the password until the user drops off that table.

Considering the number of times this has come up, I will look into creating a warning on the settings page notifying administrators of the potential weakness.

Sounds like a plan. I’ll see about getting Custom Admin messages working via WordPress for Networks too. I think it was just a infrequently used feature so I never had a big push to get it working on WordPress for Networks.

Yeah, you were not set up as a Super Admin. I would look into that, that’s the access level required to hit that page.

What’s the page generating that error?

You can delete the test post, I saw the error… the page where you network activate would be… um… something like wp-admin/network/plugins.php

Ok, yeah you are clearly on WordPress for Networks. Custom Admin messages is one of the features I have yet to port to WordPress for Networks, so that explains that. Regardless, you must make certain that Register Plus Redux is Network Activated from the Network Admin Plugins page. It will not operate correctly individually activated on specific sites.