Tag Archives: security

Theme my login and WordPress updates in general

Posted on by

One thing I often do is end up overseeing WordPress site updates, both to the WordPress core and to plugins. In theory this is an easy task, and a very important one especially security wise, but often people are reluctant do it. There’s one main reason and that is breaking things. Generally it doesn’t happen and the benefits of breaking a small section of a site are usually massively outweighed by not leaving a vulnerability in the site and getting hacked.

Of course a WordPress core update, especially to a new version needs a bit of planning, but a plugin update is usually trivial. However the issues that can occur were highlighted recently when I discovered a change in the Theme My Login plugin. This plugin allows WordPress site owners to setup login and registration forms that are powered by the site templates, thus keeping everything more focussed and on brand. In a recent version the developers have now removed automatic redirecting after login and have instead added this functionality as a paid for plugin. I’ll be honest I don’t think that’s a great idea and will annoy a lot of the user base for the plugin but I’m sure the developers have weighed up their thinking behind the decision. That said removing this core functionality essentially breaks the login process. You login and land on the same page with an empty login form, which would take an eagle eyed user to spot. So what to do? If you don’t wish to pay for the plugin then I would point you in the direction of this tutorial on Envato (https://code.tutsplus.com/series/build-a-custom-wordpress-user-flow–cms-816) It needs a little developer know how but there is a downloadable version you can grab from github on the article to get you going.

If you’ve been sensible and backed up you can always roll back and use an old version and continue on with that.

It is worth having a think through the options. But mainly I just wanted to point out the Envato tutorial for anyone who’s looking for a solution to this problem at the moment.

It’s a problem you should look to fix though, as mentioned at the start of the article, building up security issues is not worth it to save solving a few functionality issues.