Fix for WordPress user registration process while ‘Better WP Security’ is installed

Standard

The users of ‘Better WP Security’ plugin should know that it changes the WordPress default login, logout and register URL to custom ones. If the WordPress site is installed with the referred security plugin and user registration is turned on, the registration process will be broken. It will simply load the page and will do nothing. Few search reveals the solution is to change the core wp-login.php page to alter the register URL and add the secured key generated by the ‘Better WP Security’. I didn’t agree with the solution as it leads to hack the core. So, I came up with the following solution that will work at theme level or with plugin level. Here’s how:

You can fix this either by writing the following function in your theme’s (or child theme’s) functions.php file or by creating a plugin. Basically the form action attribute for the registration process needs to be changed as ‘/wp-login.php?{your_secret_key_from_better_wp_security}&action=register’. To do this, we will use the ‘register_form’ action hook. The said action hook has no direct way to alter form action attribute. So, we will take JavaScript (jQuery to be more precise) route to alter the form action. Here’s the function:

function axefinch_fix_regform_action() {
  // if plugin is not activated, do nothing
  if ( !function_exists( 'is_plugin_active' ) ) {
    // @see http://codex.wordpress.org/Function_Reference/is_plugin_active
    include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
  }
  if ( FALSE === is_plugin_active( 'better-wp-security/better-wp-security.php' ) ) {
    return;
  }

  // check if the options are available for 'Better WP Security'
  $bwps_data = get_option( 'bit51_bwps' );

  // do nothing if no option found
  if ( FALSE === $bwps_data ) {
    return;
  }

  // generate new registration action url
  $reg_url = site_url() . '/wp-login.php?' . $bwps_data['hb_key'] . '&action=register';

  // we only needed the key. release the memory now.
  unset($bwps_data);
?> 
  <script type="text/javascript">
  //<![CDATA[
  jQuery(document).ready(function($) {
          $('#registerform').attr('action', '<?php echo $reg_url; ?>');
  });    
  // ]]>
  </script>
<?php
}
add_action('register_form', 'axefinch_fix_regform_action');
?>

That’s all. This process is not hacking the core and will have no effect when WordPress is upgraded to it’s next stable version.

Please share your thoughts, queries and/or other possible ways to fix the issues through the comment.

Enjoy blogging!

Advertisements

8 thoughts on “Fix for WordPress user registration process while ‘Better WP Security’ is installed

  1. i know this may not be the best place to ask but i have been trying to get a WP problem fixed for 3 days now and no one can fix the issue?????

    i have installed the plugin called “affiliates”

    now when a new user signs up the receive a email with username -password and a link to my wp-login url, i do not want them to see my wp-login url in this email.
    do you think i have been able to remove it? NOT A CHANCE”

    i have tried all the recommended plugins and none of them work that wp login url still is there even after i tell these plugins i don want %wp-login%

    can you tell me how it am able to remove this from the default email Template as its taken me 3 days to get nowhere and at this rate i think i would still be here in another year but somewhat greyer and stressed.

    is this a bug? as its not a good thing to show all users the back end url ..

    Kind Regards
    Tom

    • Hi, Thank you for taking time to post your issue. I love to resolve these types of issues. I took a quick look into the plugin code and found, in it’s core, various links are hard coded as “wp-login.php” instead of wp_login_url() function of WordPress which helps to get the wp login url (default is wp-login.php and for any custom login, it will output the login url as set). I guess, you need to contact the developer of the plugin to implement the changes and you should be good to go. To hide the WP’s default login url, you an look here or you can use “WP Better Security” plugin. Thanks!

I will be happy to answer your queries

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s