Blog

Advance WordPress User Login Plugin Guide

An Advance WordPress User Login Plugin

⚒ Reinventing WordPress User Login

With the release of RegistrationMagic plugin 4.0, the in-built user login system has been considerably upgraded. All login and logout options have now been moved inside login form’s own dashboard area. Finally, you can manage login, logout, registration, contact and any other form under a single powerful and reliable WordPress User Login Plugin.  With this foundation, we can roll out more innovative features for WordPress user login and registration forms in coming months. So, without further ado, let us walk you through what’s new!

Download the free yet feature-packed version from our WordPress page.

The Login Form Card

“All Forms’ section of our WordPress user login plugin displays both prebuilt and user created forms. Login form card has always been pinned to the first position, ahead of WordPress registration forms. But beside displaying plugin’s login form shortcode, it has offered little. We have changed that. While hovering cursor above it, you will notice two familiar links. Login form now has its own Dashboard and Fields pages. We’ll start with the dashboard.

WordPress user login plugin Login Form Card

RegistrationMagic Login Form Card

A. The Login Form Dashboard

Welcome to the brand new Login Form dashboard! Although identical to registration and contact form dashboards in look and feel, you will find new set of icons and stats. That’s because login form is inherently different. Here’s a summary of all Dashboard elements:

WordPress Login Form Dashboard

RegistrationMagic Login Form Dashboard

The Line Graph

📈 Visualizing WordPress Login Activity

The line graph of WordPress user login plugin represents Login Success vs. Failures on your site. Similar to the registration and contact form line graphs, you have a choice to swap time period between 7, 30 (default), 60 and 90 days. As a result, it’s an excellent place to see what’s going on with your login form. Large variations between lines can point to an issue with the page or alert you about a brute force attack.

WordPress user login plugin Login Graph

RegistrationMagic WordPress Login Graph

The Submission Activity Tracker

🔔 Staying On Top Of  WordPress Login Notifications

In contrast to registration forms, the Submission Activity Tracker in second column now represents the login events via the plugin, with user details. Because these events do not have equivalent submission pages, the items in the list are not clickable.

WordPress user login plugin Login Activity Tracker

WordPress Login Activity Tracker

The Build Section

🏗 Building That Perfect Login Form using WordPress User Login Plugin

The Build section provides controls to edit and modify the view of your custom Login Form of your WordPress user login plugin. Furthermore, it has three icons leading to respective settings pages:

  1. Fields
  2. Design
  3. Logged In View
WordPress Login Form Build Section

RegistrationMagic Login Form Build Section

1. Fields

The Fields link takes you to the Login Form’s Fields Manager. Remember, this link is also accessible from the form card! This is where you tweak plugin’s login form.

Because it’s a login form, you cannot add other custom fields to it. Despite this, you still get a fair amount of flexibility. Plus, Username, Email and Password fields are now fully editable with newer options. Additionally, you can add custom icons, styles, placeholders, labels for buttons, etc. Also, you can remove password field altogether to auto-generate passwords for your users.

WordPress user login plugin Field Manager

Fields Manager

WordPress user login plugin Password Options

Password Options

WordPress user login plugin Username Options

Username Options

2. Design

Finally, you can edit design of Login Form of your WordPress user login plugin in the Visual Design Editor. While this was standard across custom registration and contact forms, login form still had to inherit theme’s properties (which it still does by default). Be ready to add a bit of visual flair to your form!

WordPress Login Form Design Options

Login Form Design Options

Redesigned WordPress Login Form

Redesigned WordPress Login Form

3. Logged In View

The login form you just built can take care of things before user has logged in (or after a logout). But what will your users see on login page after logging in? While many WordPress User Login Plugins add a line or two of static text with a logout link, we didn’t think that was a bright idea. So with this release, you will have greater flexibility on what appears to the user on login page after login. Moreover, the view applies to widgets associated with the plugin. Definitely relevant for the sites with a persistent login form rendered on every page via a widget.

Also, these settings allow you to add custom greeting text, custom salutations, avatar, custom text, links, etc. And of course, logout link is also present by default.

RegistrationMagic WordPress Logged In View Settings

Logged In View Settings

RegistrationMagic WordPress Front-end Logged-In View

Front-end Logged-In View

The Configure Section

⚡️ Power And Security For User Login

Here, you will find all the settings for Login form’s behavior. Likewise, it is divided into:

  1. Redirections
  2. Validation and Security
  3. Password Recovery
  4. Two-Factor Authentication
  5. Email Templates
RegistrationMagic WordPress Login Form Build Section

RegistrationMagic Login Form Build Section

1. Redirections

Role based custom redirections are here! From a humble redirection option in Global Settings, we have expanded it into dedicated area inside the plugin. Both custom login and logout redirections are possible for each role. Certainly, a super handy tool for admins with substantial role focussed sites. Of course, you can still set a common redirection for all users if that’s what you want.

WordPress Login Redirections

WordPress Login Redirections

2. Validation And Security

Introducing a significant addition to plugin’s Login system. While adding a few important layers of security against hacks like brute force, it does not takes reigns from your hands. Many new options debuting here are fast becoming standard across the secure web. So, there’s no reason your website should be left behind!

Moreover, you can specify error messages for failure events too.

You can also:

  • Prompt users to reset their passwords.
  • Warn them when their username was used in a failed login attempt.
  • Send updates to the admin.
  • Enforce reCAPTCHA after a certain number of failures.
  • And even ban an IP after successive failures with fully customization ban durations!

Although indispensable on registration forms, many of us do not add reCAPTCHA to our login page. It’s a trade-off, to avoid inconvenience to actual human users of our sites. While true, this is also an open bait for brute force attacks. A common hack, where a bot will try to force through the plugin’s login form. The bot will batter it with seemingly never-ending password combinations. Now you can add reCAPTCHA which appears only after certain number of failed attempts. Further failures can be configured to ban the IP, temporarily or permanently. A temporary ban can enforce a logout state for custom cool down time.

3. Password Recovery

Password Recovery allows you to add a custom password recovery link tour login form. Or, you can completely hide it if you want. We are working on adding more options to this area.

4. Two-Factor Authentication

Two-Factor Authentication is gaining popularity in wake of data theft and growing risks of unauthorized access. Hence, RegistrationMagic WordPress User Login Plugin now offers custom Two-Factor Authentication algorithm. You can set OTP type, length and expiry along with its behavior. It also supports regeneration of OTP with rules. Further, you can enforce Two-Factor Authorization on specific user roles!

5. Email Templates

Introducing a new set of custom User and Admin email templates triggered by login events to complement existing user registration templates. What’s more, they arrive with new content shortcodes to make your notification even more powerful. These templates are divided into two sections:

Emails to the User

These are the emails which are sent to the user. They include:

a. Failed Login Attempt Email Notification
This email is triggered when someone tries to login using a valid username or email, but an incorrect password. Therefore, the recipient is the owner of user account. If the owner did not attempt the login, it points to suspicious login event. Probably it’s a good idea here to add an administrator’s contact details or link to a form on your site. This allows users to report back the incident. User feedback here can help you single out suspicious activities on your site.

Pro Tip: You can create a reporting contact form and paste its link in the template. Not only it allows you to track suspicious activities but also make sure it automatically attaches each report to sender’s account. Also, you can auto-fill user information in the reporting form using meta data – autofill contact form fields using user account. If you are using RegistrationMagic Premium, you can also forward all these requests to a designated security person.

b. One Time Password
Custom Template for sending one-time password.

Emails to the Admin

These are the emails sent to the admin.

a. Failed Login Attempt Email Notification
All failed login notifications are sent to the Admin with IP and time stamp.

Pro Tip: If you are on the move, and feel suspicious activity relate to your website login system, you can immediately block the IP right from the notification email with a single click.

b. IP Blocked email notification
This email send details when an IP is blocked based on rules set by you.

The Publish Section

📃 Front-end WordPress Login Page

The Publish section shows information related to front-end rendering of various login components:

  1. Login Box
  2. Login Button
  3. OTP Login
  4. MagicPopup
RegistrationMagic WordPress Login Form Publish Section

RegistrationMagic Login Form Publish Section

1. Login Box

A shortcode that renders login form on any page or post. Similarly, you can paste the shortcode inside a widget with an editor. If you need to display login inside a widget area, we would recommend next two methods.

2. Login Button (Widget)

It allows you to publish Login and Logout buttons anywhere on your site. Additionally, it provides you option to define your custom Login and Logout button labels with behavior.

3. OTP Login (Widget)

Another login widget that renders login form. Also, it supports OTP for users without an account on your site. OTP allows them to see their submissions and payments.

4. MagicPopup

A beautiful and powerful composite login system that employs overlays. As a result, it does not interferes with your WordPress theme or layout. Beside login, it renders custom registration form, user account information, logout button, WooCommerce shopping cart and much more!

The Integrate Section

🔌 A Social WordPress User Login Plugin

Using Integrate section you can allow users to login using popular external services like Facebook, Google, Twitter, Windows Live, Instagram, etc. Clicking on respective icons will take you to individual configuration schemes of each external service.

RegistrationMagic WordPress Social Login

RegistrationMagic Login Form Integrate Section

The Analyze Section

📊 Keeping An Eye On WordPress User Login Plugin Activity

Following on heels of success with registration forms, Analyze debuts for Login Form! Since a login form generates different set of statistics, we redesigned everything from scratch. The result is a pleasing, filtrable timeline view of login events. Moreover, the new section offers controls to make important decisions about these events.

Each login event is recorded with following data:

  • Username or Email
  • Time
  • IP
  • Browser
  • Method:
    • Normal
    • Two-Factor Authentication
    • OTP (Non-registered users)
    • Social
  • Login Result
    • Success
    • Failure
    • Password Reset
    • OTP Resent
    • OTP Regenerated
  • Failure Reason
      • Password Incorrect (Normal/ 2FA)
      • Username Incorrect (Normal/ 2FA/ OTP)
      • OTP Expired (2FA/ OTP)
      • OTP Invalid (2FA/ OTP)
      • reCAPTCHA Incorrect

    (Normal/ 2FA)

  • Password Reset Initiation
RegistrationMagic WordPress Login Form Analyze Section

RegistrationMagic Login Form Analyze Section

1. Login Analytics

The Login Analytics section displays two visual elements:

  • Login Timeline
  • Login Success vs. Failure Line Graph
Login Timeline

This is a visual table which presents a chronological list of login events. It replaces the regular table in Form Analytics. Also, each list item has a cog shaped button with drop-down menu. An Advanced View link on top reveals extra filters.

RegistrationMagic Login Timeline in Login Analytics

Login Timeline in Login Analytics

Following details are visible:

  • Login Date
  • User Avatar
  • Availability (Green Orb)
  • Browser (Icon)
  • IP (Red and crossed if IP was banned during failure)
  • Method – Normal/ 2FA/ OTP/ Social
  • Icon based representation of login result
  • Boolean Login result – True / False
  • Cog Icon (with drop-down menu.)

Clicking cog button will open a dropdown menu. It has actionable items related to login records.

Login Records Context Menu

 

  • Suspend User (If the user is already suspended, it shows ‘Activate User’).
  • Reset Password – Resets and resends strong password.
  • Block IP – Blocks IP in the record. If it is already blocked, it becomes ‘Unblock IP’.
  • Send Email – Opens popup to compose message to the user.
  • Details – Displays more information about the login in a popup.

First three items will trigger popup confirmation messages.

Clicking Details item shows detailed information in a modal. Here’s an example:

RegistrationMagic Login Details Popup

Login Details Popup

Advanced View in Login Timeline
Advanced View in WordPress Login Timeline

Advanced View in Login Timeline

Plus, Advanced View offers extra controls inside timeline table. It’s a single page view displaying all login records with following filters.

  • Login Type:
    • Any Default
    • Normal
    • 2FA
    • OTP
    • Social
  • Login Result:
    • Any Default
    • Success
    • Failure (All)
    • Incorrect Username/ Password/ reCAPTCHA, OTP
    • Expired OTP
    • Social Authentication Failure
  • Global Expression: Input box Searches username, first name, last name, IP.
  • Search Button
Login Success vs. Failure line graph

This is the same graph that appears on Form Dashboard.

2. Logs Retention

Logs Retention allows you to set a limit for keeping the logs. Therefore, it can help you in cleaning database and complying with local data laws.

WordPress Login Logs Retention Options

Logs Retention Options

B. User Manager

Now User pages in User Manager show login activity! Apart from registration, payments, emails and WooCommerce tabs, we have added a new one with timeline of user’s login activity.

WordPress User Manager Login Timeline

User Manager Login Timeline

C. Login and Logout Button Widget

Finally, a Login Logout Button widget which you can place on any widget position on your site! Additionally, it also supports contextual logout with ability to set login and logout button labels. You can even set sign-in form with registration link to open in a modal! Hover effects with Logged In View adds a dash of style. This maybe the only Login and Logout button widget you need on your user registration site.

RegistrationMagic WordPress Login Button Widget

Login Button Widget

Hope you enjoyed reading about our new User Login system. Despite being a module inside RegistrationMagic as a whole, it can potentially replace your current WordPress Login. Give it a try! We have kept many amazing login features FREE. And do not forget to check out the advance capability of RegistrationMagic’s WordPress registration form, in case you need to create a WordPress registration page to register your users.

Leave a Comment

Your email address will not be published. Required fields are marked *

shares