This thread is resolved. Here is a description of the problem and solution.
Problem:
The issue here is that the user created a manual login form
<form name="loginform" id="loginform" action="https://mydomain.com/wp-login.php" method="post">
<div class="wp-success"></div>
<p class="login-username">
<label for="user_login">Your Email Address</label>
<input type="text" name="log" id="user_login" class="input" value="" size="20" />
</p>
<p class="login-password">
<label for="user_pass">Your Password</label>
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" />
</p>
<p class="login-submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" />
<input type="hidden" name="redirect_to" value="https://mydomain.com/my-account/" />
</p>
<input type="hidden" name="wpv_login_form" value="on"/><input type="hidden" name="wpv_login_form_redirect_on_fail" value="https://mydomain.com/incorrect-password/" />
</form>
They wanted to know if this code was safe to use.
Solution:
Yes this is ok, the authentications are handled by the wordpress api itself so the form just serves as an interface to that API.
There shouldn't be any security issues.
This support ticket is created 6 years, 5 months ago. There's a good chance that you are reading advice that it now obsolete.
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| - | 9:00 – 12:00 | 9:00 – 12:00 | 9:00 – 12:00 | 9:00 – 12:00 | 9:00 – 12:00 | - |
| - | 13:00 – 18:00 | 13:00 – 18:00 | 13:00 – 18:00 | 14:00 – 18:00 | 13:00 – 18:00 | - |
Supporter timezone: America/Jamaica (GMT-05:00)
This topic contains 2 replies, has 2 voices.
Last updated by 6 years, 5 months ago.
Assisted by: Shane.
