A new year, and a fresh upgrade for WP-Members! Version 3.2.5 is a feature release with some fixes. Continue Reading →
WP-Members 3.2.5
Home of WP-Members, The Original WordPress Membership Plugin
Chad Butler · ·
A new year, and a fresh upgrade for WP-Members! Version 3.2.5 is a feature release with some fixes. Continue Reading →
This setting will prevent any login from being used in more than one browser concurrently. This includes additional computers and locations. The primary purpose of this options is to prevent login sharing. While it is impossible to prevent login sharing 100%, this makes it more difficult since one user logging in will automatically log that username out in any other existing session.
When this setting is enabled, you can choose from two possible options:
While captcha in the login form is not necessarily recommended, it is one of the most requested features. Enabling the captcha setting will utilize whatever captcha is set in the main WP-Members Options.
This option will track all failed logins. You also have the option to be notified as the admin when a failed login occurs.
Adds additional settings to lock out a user after too many failed login attempts. Prevents brute force login attempts.
This setting will set a flag when a random password is generated so that when a user logs in with that random password, they will be prompted to change it before continuing to use the site. This is implemented it two places. First, in the plugin’s default configuration where a random password is sent to the user upon registration; and second, if a forgotten password is reset. This adds a layer of security by requiring the user to set a password themselves once they have logged in with the random password.
Similar to the above process, if a password is expired, the user will be required to change it to continue using the site. You can specify the time period required for password expiration. When this setting is used, anytime the user changes their password (or if a password is randomly set via registration or forgotten password reset), a new timestamp is set. Anytime the user logs into the site, the timestamp of the last password change is checked against the expiration period.
This setting restricts a user from re-using passwords. You may specify the number of previous passwords recorded (i.e. password cannot be one of the 5 most recent passwords used).
Enabling this option will include the WordPress password strength meter in the form. The form will not be able to submit until the password meets the selected minimum strength.
When used, the meter will be included wherever the password is entered. The primary location for this is in the change password form. But, if a password field is used in the registration form to allow the user to set their own password at registration, the password meter will also be included there.
IMPORTANT: If using a password field in the registration form along with this setting, you MUST include a confirm password field for the password meter to work correctly.
The password strength meter is WordPress’ internal strength meter. It uses the zxcvbn library. While it is somewhat technical, the article here gives a good description of the zxcvbn library’s concepts and a description of what is insecure about LUDS (lowercase, uppercase, digit, special character) password models. There is a demo here that shows you how various password compare using the model. (That’s a demo of the password strength library, not the plugin’s use of it. If you want to know how it works, it’s the same meter that can be found in the WordPress user profile edit screen.)
This setting adds a generate password button to the form. It will remove the confirm password field. You may need to apply CSS to adjust it to match your form style. You can do this with the WordPress Customizer.
When this setting is enabled, the change password form will include a confirm current password field. The user will be required to enter their current password in order to change the password.
A honey pot is a form field that is hidden from human users. To a bot or an automated registration, this form field will look like any other form field to be completed. Bots will generally enter data in a honey pot field. When the registration form is submitted and data validated, if the honey pot contains an entry, an error is returned preventing the registration from occurring. A honey pot is the most effective method of stopping registration spam – more effective than CAPTCHAs. It has the added benefit of being hidden from users and thus presents a far better user experience than including a CAPTCHA.
For general information on what a honey pot does and how it works, see this post.
Enabling either of these options will run the username, email address, and IP address of each registration through that system’s API to determine whether it is likely spam. This, coupled with a honey pot is far more effective than a captcha on the registration form.
When this is enabled, any custom database tables the plugin installs will be removed when the uninstall routine is run (“delete” in the WP plugin screen). This removes the failed login tracking and login lockout tables.
Chad Butler · ·
Chad Butler · ·
For the past 9 months, I have been working diligently on the biggest update WP-Members has seen in quite some time. Version 3.2.0 will implement some new features that will expand the flexibility of the plugin and bring in new features that I’ve been wanting to incorporate for awhile.
Here is a run-down of some of the updates you can expect to see. Continue Reading →
In the early days of WordPress, themes and plugins were pretty limited. Tracking down issues was not as problematic. Today you have themes that try to be plugins, plugins that are essentially separate applications, and site administrators that install many (sometimes many many) plugins, some of which may not necessarily be up-to-date with current WordPress standards, if at all.
This makes it extremely difficult to diagnose your problem when it is as simple as “I set {some setting} and the result was {not as expected}.”
If you are following best practices, you already have a test site set up for testing. Start by using that, not your live site.
If you’re new to WP-Members, ideally you would test it out before you install a hundred additional plugins. Set up a test site and use it with no plugins and a basic theme such as the current WP default theme. Do this before you start bringing other factors into play.em
If you’re having problems, try disabling other plugins first to see if there is some compatibility issue.
Whatever you do, don’t automatically assume the issue is WP-Members. The plugin is pretty robust. Most issues that people experience are the result of some outside force, not following directions, or simply not understanding the basic functionality of the plugin. I’m certainly not suggesting the plugin is perfect and that I’m never wrong. But in more than a decade of developing and supporting this plugin, things are fairly solid around the main components of the plugin.
Keep in mind, incompatibility with another plugin or theme is not the same as incompatibility with WordPress core functionality. Remember it’s a WordPress plugin – not a {name-of-plugin-here} plugin.
The best way to get to the root of the issue is to start basic and build from there.
See: The plugin isn’t blocking my content…
See: Are files protected?
See: Passwords are not being included in Emails
WP-Members gives you the ability to change the settings for how the plugin blocks content. The default setting is to block posts and allow individual posts to be set to unblock at the post level. You can change this setting so that all posts will be viewable by default. If you then have a post that you want blocked to registered members only, you can set the post to block at the post level.
If you are using the default settings (as mentioned above), and you have a post that you want to be unblocked (viewable by any user, not just logged in users), on the Edit Post page there will be a meta box in the upper right hand corner “Page/Post Restriction”. Check the box to block the post/page and update to save the setting.
For more information, see Override the Default Setting for Posts in the Users Guide.
For information on removing/changing old post meta “block” and “unblock”, see this post.
These settings can be managed on the WP-Members admin panel found under Settings > WP-Members
For more information, see Add Fields in the Users Guide.
WP-Members was designed to fully integrate with WordPress to allow maximum compatibility not only with WP, but also with other plugins that rely on WP user registration information, such as discussion forums, email newsletters, etc. The user information is in the main WP users page under Users > Users, then click “Edit” under an individual user. Any non-native WP fields (WP-Members custom fields) are added to the bottom of this page and are fully editable. (Note: if you don’t have any registered users yet, i.e. a clean install, these fields will not display until there is data in them.)
Additionally, user information can be added to the Users > All Users panel by checking the box in the “Users Screen” column in the plugin’s Fields tab.
Some user data can also be edited in the Users > All Users panel. There is a screen option added that lists users who have not yet been exported, as well as bulk actions added to the Bulk Actions menu for exporting and activating (if moderated registration is enabled). A full list of users can be exported using the “Export All Users” button at the bottom of this screen.
For more information, see Managing Users in the Users Guide
Most people are unaware that WP-Members uses the native function wp_mail, and that wp_mail sends messages from wordpress@mydomain.com. But it is easy to override this.
To change the email address that the WP-Members emails come from, you can set this address in the plugin’s email settings. For more information, see Set a Custom Email Address in the Users Guide.
To change the email address that all WordPress emails come from, you can do it with a couple of filters added to your functions.php file or you can do it with a plugin.
Yes! All of the style and layout elements are driven by CSS. You can create your own stylesheet to determine the look and feel of the forms to better integrate with your theme. In fact, that is encouraged.
You can create a custom stylesheet from scratch, or you can use one of the existing stylesheets as a starting point.
The plugin has integration into the WordPress Customizer, so you can also use the Customizer to apply custom CSS.
This page in the plugin documentation has information to get you started with choosing a stylesheet and customizing one of the existing stylesheets. It also includes information on some of the filters that can be used.
If you use one of the side-by-side layout stylesheets, those use a float property for the label and the input. These two elements must be the exact same height or they will be out of alignment. The stylesheets when tested with the specific WP default theme indicated and the default WP-Members form fields will align. However, in another theme and/or with additional fields, that may or may not be the case. If the elements do not align when used in another theme this is the result of inherited properties from additional styles in the theme that need to be accounted for.
There are several simple and easy solutions. First, the fast fix is to use one of the “no float” stylesheets included in the plugin download.
The best solution is to set up a custom stylesheet. This is something you should do anyway so that your forms are consistent with the look of your theme. Please see the documentation on customizing the stylesheet.
There is a freely available post here that describes specifically how this comes about and how you can make specific adjustments to it.
You should never make changes to the plugin’s core files. The plugin has an extensible framework, so the proper way to approach customization is through the use of action and filter hooks. There are lots of examples in the premium support code snippet library of customized functions and features that utilize the framework of filter and action hooks. There are also various user API functions and shortcodes you can use to customize your output.
To store you customizations, you can use either a custom plugin file or your theme’s functions.php file.
WordPress is compliant for use with Globally Recognized Avatars (or “gravatars“).
See this post on how to use the wpmem_sidebar_status filter to add a gravatar to the sidebar widget. (For those of you that are not yet premium members, this article is a free sample of the great code snippets and tutorials available to members.) And for premium members, this post shows you how to add an avatar to the user profile page.
For users who want to override WP’s gravatar support with a custom avatar, you can do so by implementing an image field in the registration form and using that field as an avatar image. There is a code snippet available that allows you to do that.
See: How do I create a “forgot password” link in the login form?
See: How do I create a “forgot password” link in the login form?
If a particular string is not translating and it is not a custom field, the most likely two possibilities are either:
WP-Members is now part of the wordpress.org polyglots project. This means that when a language pack is available for the language you run WordPress in, it will download automatically from wordpress.org. However, this only happens if the language pack is at least 95% complete. Translations with complete language packs are listed here.
If you want to participate in translation as a contributor, you are free to do so. If you have an interest in being identified as an editor, feel free to contact me (You do not have to be identified as an editor or contact me to contribute to translations – only contact me if you have an interest in being an editor). Editors can approve suggested translations. Having an identified editor for a specific language moves the process to completion faster and benefits all users. However, you need to be available on the WordPress Slack channel and be willing to stay up to date. (It doesn’t mean you have to translate everything yourself – just be available to approve translation suggestions and check-in regularly.) There are several languages that currently have no designated editor. Note that the general editors for some language locales will require that you participate as a contributor before being approved as an editor.
Language packs that are included in the plugin download are no longer supported. They continue to be included to fill in the gap until language packs from the polyglots project are complete. I would recommend that you use the polyglots language packs as these will be the most up to date. Even if a language pack not complete, you can still download it manually for use in your install.
See Multi-language Considerations
See how to import users.
Let me preface this by saying that you should put some thought into whether your redirect is really necessary. There are good redirects and there are bad. I don’t generally recommend redirecting the user because you will find that you end up with something confusing in most cases.
With that in mind, there are several ways to implement redirects.
Login:
Registration
Logout
Unfortunately, no. The primary reason is that this is a small business with expenses to cover. I’m not offended by people asking because I do understand the situation smaller non-profits are in. If you’re a club or association run by volunteers and little to no budget, I get it. But please understand that building and maintaining this software project is my sole income. It’s fun, and I enjoy it, but it’s also how I put food on the table. Providing support and maintaining the plugin takes considerable time, and the labor cost of providing support to you is the same whether you are a non-profit or anyone else.
The core plugin is freely available for everyone, as is all of the plugin’s documentation. Customizing the plugin follows WP’s system of filter and action hooks. There is no “secret sauce” that I hold back to get you to buy. But buying support and/or add-ons (regardless of whether you use them or not) is what keeps this plugin available for everyone.
Ready to get started?