WP-Members 3.3.5 introduces some new features as options. Eventually, these features will replace older functionality, but implementing them as optional features allows existing plugin users some time to get things implemented and worked out before these features become the standard.
Please understand that these features are new, and their implementation into the plugin itself is rather complex. They change significant elements of how the plugin has managed user flow. For that reason, it is unknown how they will respond to all possible configurations and setups. In order to better manage that for all of the plugin’s current users, they are being introduced as “optional” so that the process of replacing old flows with new ones does not completely disrupt existing installs. In other words, if the process doesn’t currently work for your setup, you can turn it off until it does.
Some feature settings require additional setup, which is described here.
Account Confirmation Link
This feature sends a new user a confirmation link when they register. They will not be allowed to access the site until they have confirmed their account.
If the user does not confirm the account, the link will expire in 6 hours and the user would have to register again.
IMPORTANT: If you activate this feature on a site with existing users, none of those users will have been marked as confirming their emails. You can confirm existing users manually in the Users > All Users screen, or there is a code snippet you can use to mark all existing users as confirmed.
IMPORTANT: This feature is not currently compatible with WooCommerce integrations!!
Additional Configuration Required
You must enable the feature setting “Enable WP Login Error.” The activation link option uses the WP login error object for specific messaging in the form. So you need to also replace the WP-Members login error with the WP login error by enabling this additional setting (see “Enable WP Login Error” below).
It is recommended that you configure the plugin to allow users to create a password at registration. There is no need to send the user’s password via email. In fact, that capability will eventually be phased out as the Activation Link feature becomes standard in the plugin. To enable a password as part of registration, enable password (and, ideally, confirm password) in the WP-Members Fields tab.
It is recommended that you edit messaging and emails accordingly. The successful registration message should be updated in the Dialogs tab to inform the user that they will receive an email requiring them to activate their account before access. Similarly, the process will automatically include the activation link at the bottom of the new registration email. If you want to customize where the link is placed, use the [confirm_link] shortcode in the email.
Password Reset Link
This feature replaces the password reset process with a link. When the user requests a password reset, a link will be emailed to the user. When the user clicks the link to activate the password reset process, they are directed to a password change form.
The reset link expires in 6 hours, at which point the user would need to attempt another reset.
This feature is currently an option that you have to implement. In plugin version 3.4.0, it will become the standard setting and in order to use the current (legacy) process, you’ll need to deactivate the password reset link option (rather than the other way around). In plugin version 3.5.0, the current password reset process (that sends a new passwords) will be removed completely.
Additional Configuration Required
You must enable the feature setting “Enable WP Login Error.” The password reset link option uses the WP login error object for specific messaging in the form. So you need to also replace the WP-Members login error with the WP login error by enabling this additional setting (see “Enable WP Login Error” below).
It is recommended that you edit the password reset email accordingly. The process will automatically include the activation link at the bottom of the email. If you want to customize where the link is placed, use the [reset_link] shortcode in the email.
Additionally, in order for the password reset URL to be complete, you need to have set the plugin setting for the User Profile URL as this is where the user is going to be directed in order to create a new password. Without setting this, the URL in the email will be incomplete, and you may or may not direct the user to a page where the password can actually be reset. It must be a page that contains the [wpmem_profile] or [wpmem_form password] URL. (See documentation about the “User Profile URL” setting and about the [wpmem_profile] shortcode.)
Enable WP Login Error
This feature replaces the WP-Members login error message with what is contained in the WP login error message object. The formatting of the message is still the same – the WP-Members div tag is still used. The only difference is that messaging is slightly different.
The primary reason for this change is that when WP-Members was first introduced (ages ago, back in 2005/06), there wasn’t much in the way of additional login authentication integration. But that has changed drastically. So many people now use additional authentication such as captchas, or brute force login blockers that all add custom messaging to the login error. In order to apply those in the past, you needed to implement a custom code snippet.
For the time being, this is being included as an option you can choose to not enable. As we gain feedback on the feature, I will work on setting a specific version for when the plugin will fully switch over to this feature. Tentatively, that is set for 3.4.0.
Note: if you use one or both of the response/email link processes above, you must enable the WP login error option as well. Otherwise messaging may not be accurate to the user.