Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support

Again BuddyPress…


Replies: 0

This plugin can be better! But please include:

– More support for BuddyPress and bbPress (including rtMedia or BP Activity Plus).

Necessary functions for BuddyPress:

– Username protection:
When you create a site with WP, the username is by default the same as your nicename or nickname, and this is a problem. You know about the Author Enumeration Vulnerability: ?author=1, and this problem has a solution, but the other one, username exposure, needs a manual solution. For Admin:

If you change your nickname in Dashboard / Users, this does NOT change anything inside the database. So you need to go to phpMyAdmin / wp_users and change the nicename there. Bad solution for noobs.

And for the other users: Editor, Subscriber, etc. The same problem.

You can see the username of an author if you right-click on the public name (from a post, or wherever) and Inspect (using Chrome).

For newly registered users I have a PHP function:

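    function set_default_display_name( $user_id ) {
        $user = get_userdata( $user_id );
        if ( ! $user ) {
            return; // Unknown user ID: nothing to update.
        }
        // Build the public name from first and last name, not from the login.
        $name = trim( sprintf( '%s %s', $user->first_name, $user->last_name ) );
        if ( '' === $name ) {
            return; // No name given at registration: WordPress would fall back to the login.
        }
        // "John Doe" becomes "johndoe".
        $nickname = sanitize_user( strtolower( str_replace( ' ', '', $name ) ) );
        $args = array(
            'ID'            => $user_id,
            'display_name'  => $name,
            'nickname'      => $nickname,
            'user_nicename' => $nickname,
        );
        wp_update_user( $args );
    }
    // Run once for every newly registered account.
    add_action( 'user_register', 'set_default_display_name' );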

Well, this code automatically changes the nicename or nickname to the name: if the username is wpeditor02 and the name is John Doe, the nickname is johndoe. And in BuddyPress: @johndoe. Problem solved for new users. But for old users, you need to update manually, nickname by nickname (from Dashboard / Users, because it works with this code, but with Keymaster it is another case), very tedious.

– A honeypot for the register form
Check: https://github.com/pixeljar/BuddyPress-Honeypot

– Restricted emails, only accept valid emails

Function:

    add_option( 'limited_email_domains', array( 'yahoo.com', 'outlook.com', 'hotmail.com', 'gmail.com' ) );

If someone tries to register using an invalid email, they immediately receive a message:

This email is not valid.

– Report User button (Motives: Spam, Explicit Sexual Content, Harassment, False Profile or Identity Theft, Offensive post, comment or message)

– Ban User:
There is a plugin named BAN Users, but it is incomplete.
Your Ban User functions can be more complete:

. Ban Login
. Ban Activity (a banned user can’t post for 24 hours, 15 days or whatever. Ban uploading photos if rtMedia is activated)
. Ban Comment (“”)
. Ban Send Message and Mentions (public message) (” “)
. Ban Add New Friends

– Manual Approval for New User

– Manual Approval for Contents (If rtMedia is active, photos…)

– Force (New Registered) to use Strong Pass. (Optional: force the user to change pass after 1 month, 2 months… whatever). Yes, I know, Wordfence has this, but it does not work.

– WP emails go to the Spam folder (hotmail…),
Yes, this is a problem if you want a community with BuddyPress or a forum with bbPress. Solution: install the WP Mail Bank plugin, use the PHPMailer config. But you could include the same function as Mail Bank.

MY COMPILATION: .htaccess and functions.php
GOOGLE DOCS LINK
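
The post's hook only covers new registrations. As an added example (not part of the original post, and not Wordfence or BuddyPress code), the sketch below audits existing accounts whose public `user_nicename` is still the default derived from the login, then rewrites them with the post's own name-to-nickname rule. The `example_*` function names are hypothetical, and it assumes it runs with WordPress loaded.

```php
<?php
// Added example; the example_* names are hypothetical helpers.

// Return IDs of users whose public nicename is still the default built from the login.
function example_find_exposed_logins() {
    $exposed = array();
    $users   = get_users( array( 'fields' => array( 'ID', 'user_login', 'user_nicename' ) ) );
    foreach ( $users as $u ) {
        // WordPress's default nicename is sanitize_title( user_login ).
        if ( $u->user_nicename === sanitize_title( $u->user_login ) ) {
            $exposed[] = (int) $u->ID;
        }
    }
    return $exposed;
}

// Rewrite nicenames for those users. With $dry_run = true nothing is changed.
function example_rewrite_nicenames( $dry_run = true ) {
    $report = array();
    foreach ( example_find_exposed_logins() as $user_id ) {
        $first = get_user_meta( $user_id, 'first_name', true );
        $last  = get_user_meta( $user_id, 'last_name', true );
        $name  = trim( $first . ' ' . $last );
        // Same derivation as the post: "John Doe" becomes "johndoe".
        $nick  = sanitize_user( strtolower( str_replace( ' ', '', $name ) ) );
        if ( '' === $nick ) {
            // Without a usable name WordPress would fall back to the login again.
            $report[ $user_id ] = 'skipped: no first/last name set';
            continue;
        }
        if ( $dry_run ) {
            $report[ $user_id ] = 'would set nicename to ' . $nick;
            continue;
        }
        $result = wp_update_user( array(
            'ID'            => $user_id,
            'display_name'  => $name,
            'nickname'      => $nick,
            'user_nicename' => $nick,
        ) );
        $report[ $user_id ] = is_wp_error( $result )
            ? 'error: ' . $result->get_error_message()
            : 'updated';
    }
    return $report;
}
```

Review the dry-run report before calling `example_rewrite_nicenames( false )`: author archive URLs are built from `user_nicename`, so existing links to those pages change.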

