• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

  • WordPress Plugins
    • WP-Members
      • FAQs
      • Quick Start
      • Documentation
      • Extensions
    • Advanced Options
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Download Protect
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Invite Codes
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • MailChimp Integration
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • PayPal Subscriptions
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Salesforce Web-to-Lead
    • Security
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Text Editor
      • Purchase the Plugin
      • Get the Pro Bundle
    • User List
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • User Tracking
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Memberships for WooCommerce
    • WordPass
  • Store
    • Cart
    • Checkout
  • Blog
    • Basics [Free]
    • Tips and Tricks
    • Filters
    • Actions
    • Code Snippets
    • Shortcodes
    • Design
    • Release Announcements
  • Contact
  • Sign In
  • Show Search
Hide Search
Home » Plugins » Security » Security Documentation » Options

Options

Prevent Concurrent Logins

This setting will prevent any login from being used in more than one browser concurrently.  This includes additional computers and locations.  The primary purpose of this options is to prevent login sharing.  While it is impossible to prevent login sharing 100%, this makes it more difficult since one user logging in will automatically log that username out in any other existing session.

Enable Registration Form Honey Pot

A honey pot is a form field that is hidden from human users.  To a bot or an automated registration, this form field will look like any other form field to be completed.  Bots will generally enter data in a honey pot field.  When the registration form is submitted and data validated, if the honey pot contains an entry, an error is returned preventing the registration from occurring.  A honey pot is the most effective method of stopping registration spam – more effective than CAPTCHAs.  It has the added benefit of being hidden from users and thus presents a far better user experience than including a CAPTCHA.

Require Random Passwords to be Changed on First Use

This setting will set a flag when a random password is generated so that when a user logs in with that random password, they will be prompted to change it before continuing to use the site.  This is implemented it two places.  First, in the plugin’s default configuration where a random password is sent to the user upon registration; and second, if a forgotten password is reset.  This adds a layer of security by requiring the user to set a password themselves once they have logged in with the random password.

Require Passwords to be Changed Every X Period

Similar to the above process, if a password is expired, the user will be required to change it to continue using the site.  You can specify the time period required for password expiration.  When this setting is used, anytime the user changes their password (or if a password is randomly set via registration or forgotten password reset), a new timestamp is set.  Anytime the user logs into the site, the timestamp of the last password change is checked against the expiration period.

Require Strong Passwords

Change Password form displaying both confirm current password and password strength meter (require strong passwords).

This setting adds the WP password meter to the setting of the user’s password.  When used, the meter will be included wherever the password is entered.  The primary location for this is in the change password form.  But, if a password field is used in the registration form to allow the user to set their own password at registration, the password meter will also be included there.  IMPORTANT: If using a password field in the registration form along with this setting, you MUST include a confirm password field for the password meter to work correctly.

Confirm Current Password

When this setting is enabled, the change password form will include a confirm current password field.  The user will be required to enter their current password in order to change the password.

 

WP-Members Security

Plugin Info

Current Stable Version: 1.3.0
Minimum WordPress Version: 3.6
Tested up to WordPress Version: 5.6

Documentation

    • Setup
    • Options
    • Blacklist
    • Filter Hooks
    • Action Hooks
    • Change Log

Get the Plugin

  • Purchase the Plugin
  • Get the Pro Bundle

Ready to get started?

Join Today!

© 2021 · butlerblog.com · RocketGeek is built using WordPress, WP-Members, and the Genesis Framework

  • butlerblog.com
  • WP-Members Support Subscription
  • Terms of Service
  • Refund Policy