An Advance WordPress User Login Plugin
⚒ Reinventing WordPress User Login
With the release of RegistrationMagic plugin 4.0, the in-built user login system has been considerably upgraded. All login and logout options have now been moved inside login form’s own dashboard area. Finally, you can manage login, logout, registration, contact and any other form under a single powerful and reliable WordPress User Login Plugin. With this foundation, we can roll out more innovative features for WordPress user login and registration forms in coming months. So, without further ado, let us walk you through what’s new!
The Login Form Card
Login form card has always been pinned to the first position, ahead of registration and contact forms. But beside displaying plugin’s login form shortcode, it has offered little. We have changed that. While hovering cursor above it, you will notice two familiar links. Login form now has its own Dashboard and Fields pages. We’ll start with the dashboard.
A. The Login Form Dashboard
Welcome to the brand new Login Form dashboard! Although identical to registration and contact form dashboards in look and feel, you will find new set of icons and stats. That’s because login form is inherently different. Here’s a summary of all Dashboard elements:
The Line Graph
📈 Visualizing WordPress Login Activity
The line graph represents Login Success vs. Failures on your site. Similar to the registration and contact form line graphs, you have a choice to swap time period between 7, 30 (default), 60 and 90 days. As a result, it’s an excellent place to see what’s going on with your login form. Large variations between lines can point to an issue with the page or alert you about a brute force attack.
The Submission Activity Tracker
🔔 Staying On Top Of WordPress Login Notifications
In contrast to registration forms, the Submission Activity Tracker in second column now represents the login events via the plugin, with user details. Because these events do not have equivalent submission pages, the items in the list are not clickable.
The Build Section
🏗 Building That Perfect WordPress Login Form
The Build section provides controls to edit and modify the view of your custom Login Form. Furthermore, it has three icons leading to respective settings pages:
- Logged In View
The Fields link takes you to the Login Form’s Fields Manager. Remember, this link is also accessible from the form card! This is where you tweak plugin’s login form.
Because it’s a login form, you cannot add other custom fields to it. Despite this, you still get a fair amount of flexibility. Plus, Username, Email and Password fields are now fully editable with newer options. Additionally, you can add custom icons, styles, placeholders, labels for buttons, etc. Also, you can remove password field altogether to auto-generate passwords for your users.
Finally, you can edit design of plugin’s Login Form in Visual Design Editor. While this was standard across custom registration and contact forms, login form still had to inherit theme’s properties (which it still does by default). Be ready to add a bit of visual flair to your form!
3. Logged In View
The login form you just built can take care of things before user has logged in (or after a logout). But what will your users see on login page after logging in? While many WordPress User Login Plugins add a line or two of static text with a logout link, we didn’t think that was a bright idea. So with this release, you will have greater flexibility on what appears to the user on login page after login. Moreover, the view applies to widgets associated with the plugin. Definitely relevant for the sites with a persistent login form rendered on every page via a widget.
Also, these settings allow you to add custom greeting text, custom salutations, avatar, custom text, links, etc. And of course, logout link is also present by default.
The Configure Section
⚡️ Power And Security For WordPress Login
Here, you will find all the settings for Login form’s behavior. Likewise, it is divided into:
- Validation and Security
- Password Recovery
- Two-Factor Authentication
- Email Templates
Role based custom redirections are here! From a humble redirection option in Global Settings, we have expanded it into dedicated area inside the plugin. Both custom login and logout redirections are possible for each role. Certainly, a super handy tool for admins with substantial role focussed sites. Of course, you can still set a common redirection for all users if that’s what you want.
2. Validation And Security
Introducing a significant addition to plugin’s Login system. While adding a few important layers of security against hacks like brute force, it does not takes reigns from your hands. Many new options debuting here are fast becoming standard across the secure web. So, there’s no reason your website should be left behind!
Moreover, you can specify error messages for failure events too.
You can also:
- Prompt users to reset their passwords.
- Warn them when their username was used in a failed login attempt.
- Send updates to the admin.
- Enforce reCAPTCHA after a certain number of failures.
- And even ban an IP after successive failures with fully customization ban durations!
Although indispensable on registration forms, many of us do not add reCAPTCHA to our login page. It’s a trade-off, to avoid inconvenience to actual human users of our sites. While true, this is also an open bait for brute force attacks. A common hack, where a bot will try to force through the plugin’s login form. The bot will batter it with seemingly never-ending password combinations. Now you can add reCAPTCHA which appears only after certain number of failed attempts. Further failures can be configured to ban the IP, temporarily or permanently. A temporary ban can enforce a logout state for custom cool down time.
3. Password Recovery
Password Recovery allows you to add a custom password recovery link tour login form. Or, you can completely hide it if you want. We are working on adding more options to this area.
4. Two-Factor Authentication
Two-Factor Authentication is gaining popularity in wake of data theft and growing risks of unauthorized access. Hence, RegistrationMagic WordPress User Login Plugin now offers custom Two-Factor Authentication algorithm. You can set OTP type, length and expiry along with its behavior. It also supports regeneration of OTP with rules. Further, you can enforce Two-Factor Authorization on specific user roles!
5. Email Templates
Introducing a new set of custom User and Admin email templates triggered by login events to complement existing user registration templates. What’s more, they arrive with new content shortcodes to make your notification even more powerful. These templates are divided into two sections:
Emails to the User
These are the emails which are sent to the user. They include:
a. Failed Login Attempt Email Notification
This email is triggered when someone tries to login using a valid username or email, but an incorrect password. Therefore, the recipient is the owner of user account. If the owner did not attempt the login, it points to suspicious login event. Probably it’s a good idea here to add an administrator’s contact details or link to a form on your site. This allows users to report back the incident. User feedback here can help you single out suspicious activities on your site.
Pro Tip: You can create a reporting contact form and paste its link in the template. Not only it allows you to track suspicious activities but also make sure it automatically attaches each report to sender’s account. Also, you can auto-fill user information in the reporting form using meta data or intelligent shortcodes. If you are using RegistrationMagic Premium, you can also forward all these requests to a designated security person.
b. One Time Password
Custom Template for sending one-time password.
Emails to the Admin
These are the emails sent to the admin.
a. Failed Login Attempt Email Notification
All failed login notifications are sent to the Admin with IP and time stamp.
Pro Tip: If you are on the move, and feel suspicious activity relate to your website login system, you can immediately block the IP right from the notification email with a single click.
b. IP Blocked email notification
This email send details when an IP is blocked based on rules set by you.
The Publish Section
📃 Front-end WordPress Login Page
The Publish section shows information related to front-end rendering of various login components:
- Login Box
- Login Button
- OTP Login
1. Login Box
A shortcode that renders login form on any page or post. Similarly, you can paste the shortcode inside a widget with an editor. If you need to display login inside a widget area, we would recommend next two methods.
2. Login Button (Widget)
It allows you to publish Login and Logout buttons anywhere on your site. Additionally, it provides you option to define your custom Login and Logout button labels with behavior.
3. OTP Login (Widget)
Another login widget that renders login form. Also, it supports OTP for users without an account on your site. OTP allows them to see their submissions and payments.
A beautiful and powerful composite login system that employs overlays. As a result, it does not interferes with your WordPress theme or layout. Beside login, it renders custom registration form, user account information, logout button, WooCommerce shopping cart and much more!
The Integrate Section
🔌 A Social WordPress User Login Plugin
Using Integrate section you can allow users to login using popular external services like Facebook, Google, Twitter, Windows Live, Instagram, etc. Clicking on respective icons will take you to individual configuration schemes of each external service.
The Analyze Section
📊 Keeping An Eye On WordPress User Login Plugin Activity
Following on heels of success with registration forms, Analyze debuts for Login Form! Since a login form generates different set of statistics, we redesigned everything from scratch. The result is a pleasing, filtrable timeline view of login events. Moreover, the new section offers controls to make important decisions about these events.
Each login event is recorded with following data:
- Username or Email
- Two-Factor Authentication
- OTP (Non-registered users)
- Login Result
- Password Reset
- OTP Resent
- OTP Regenerated
- Failure Reason
- Password Incorrect (Normal/ 2FA)
- Username Incorrect (Normal/ 2FA/ OTP)
- OTP Expired (2FA/ OTP)
- OTP Invalid (2FA/ OTP)
- reCAPTCHA Incorrect
- Password Reset Initiation
1. Login Analytics
The Login Analytics section displays two visual elements:
- Login Timeline
- Login Success vs. Failure Line Graph
This is a visual table which presents a chronological list of login events. It replaces the regular table in Form Analytics. Also, each list item has a cog shaped button with drop-down menu. An Advanced View link on top reveals extra filters.
Following details are visible:
- Login Date
- User Avatar
- Availability (Green Orb)
- Browser (Icon)
- IP (Red and crossed if IP was banned during failure)
- Method – Normal/ 2FA/ OTP/ Social
- Icon based representation of login result
- Boolean Login result – True / False
- Cog Icon (with drop-down menu.)
Clicking cog button will open a dropdown menu. It has actionable items related to login records.
- Suspend User (If the user is already suspended, it shows ‘Activate User’).
- Reset Password – Resets and resends strong password.
- Block IP – Blocks IP in the record. If it is already blocked, it becomes ‘Unblock IP’.
- Send Email – Opens popup to compose message to the user.
- Details – Displays more information about the login in a popup.
First three items will trigger popup confirmation messages.
Clicking Details item shows detailed information in a modal. Here’s an example:
Advanced View in Login Timeline
Plus, Advanced View offers extra controls inside timeline table. It’s a single page view displaying all login records with following filters.
- Login Type:
- Any Default
- Login Result:
- Any Default
- Failure (All)
- Incorrect Username/ Password/ reCAPTCHA, OTP
- Expired OTP
- Social Authentication Failure
- Global Expression: Input box Searches username, first name, last name, IP.
- Search Button
Login Success vs. Failure line graph
This is the same graph that appears on Form Dashboard.
2. Logs Retention
Logs Retention allows you to set a limit for keeping the logs. Therefore, it can help you in cleaning database and complying with local data laws.
B. User Manager
Now User pages in User Manager show login activity! Apart from registration, payments, emails and WooCommerce tabs, we have added a new one with timeline of user’s login activity.
C. Login and Logout Button Widget
Finally, a Login Logout Button widget which you can place on any widget position on your site! Additionally, it also supports contextual logout with ability to set login and logout button labels. You can even set sign-in form with registration link to open in a modal! Hover effects with Logged In View adds a dash of style. This maybe the only Login and Logout button widget you need on your user registration site.
Hope you enjoyed reading about our new User Login system. Despite being a module inside RegistrationMagic as a whole, it can potentially replace your current WordPress User Login Plugin. Give it a try! We have kept all plugin features (except two) FREE. And do not forget to check out other user registration and contact form guides on our blog.
- WordPress Registration Shortcodes List - August 14, 2018
- Advance WordPress User Login Plugin Guide - August 8, 2018
- 70% Drop in Direct Traffic Issue [Solved: Due to WordPress Release] - April 27, 2018
- Label Custom User Status & Execute Multiple Actions [Complete Guide] - April 9, 2018
- Create Intelligent Contact Form in WordPress [Breakthrough Ideas] - February 8, 2018
- Setup payments on Registration form using Products [Payments Guide] - December 22, 2017
- Starter Guide: Setup User Registration System in WordPress - November 14, 2017
- How to Add Custom Fields to WooCommerce Checkout Form - November 3, 2017
- Setup Early Bird Registration for an Event on WordPress Site, with Ease! - April 20, 2017
- Reinvent WooCommerce User Registration Process & Increase Sales! - April 17, 2017