Comblock Login

Апісанне

Comblock Login is a professional and secure frontend authentication system designed to provide a seamless user experience outside the WordPress admin area. Unlike standard login plugins, Comblock allows you to transform your site into a multi-level portal through dynamic Custom Dashboards assigned to specific user roles.

The standout feature of this plugin is the Global Logout (Logout from all devices): an advanced security mechanism that enables users to terminate all active sessions across all devices with a single click, ensuring total protection if credentials are compromised. Every aspect of the login process is fortified with Nonce verification (anti-CSRF) and rigorous data sanitization, utilizing native WordPress core functions for maximum reliability.

With Comblock Login, you can:
* Create multiple private areas by assigning each dashboard to specific user roles (RBAC).
* Manage the entire user journey through dynamic shortcodes (Login, Logout, User Info).
* Protect data privacy by filtering which metadata to display via developer-friendly hooks.
* Monitor site security through integrated logging of access errors and permission violations.

This plugin doesn’t just hide the backend; it creates a secure, tailored ecosystem for your members, ensuring a smooth transition between public content and private dashboards.

Features

1. Global Session Control: A high-end security feature allowing users to perform a simultaneous logout from all devices, instantly terminating every active session.
2. Multi-Dashboard Management: Create unlimited and dynamic restricted areas (based on Custom Post Types) by assigning granular permissions based on user roles.
3. Secure Frontend Login: A complete authentication system integrated directly into your site’s layout via shortcodes, removing the need for users to access /wp-login.php.
4. Smart Redirect & Access Control: Intelligent management of post-login redirects and automatic content protection, with immediate redirection for unauthorized users.
5. Bulletproof Security: Advanced protection featuring Nonce (CSRF) verification, input sanitization, and authentication through the secure wp_signon() native function.
6. Extensible User Info: A dedicated shortcode to display profile data, featuring developer hooks (PHP filters) to customize which meta fields are shown or hidden.
7. Security Error Logging: Integrated monitoring system that records login errors and permission breaches for total security oversight.

Usage

• Use the shortcode [comblock_login] to display the login form. You can insert this shortcode into any page or post.
  Simple example (only required attribute):
  [comblock_login dashboard-post-id="8"]
  Complete example (with all optional attributes):
  [comblock_login id="subscriber-login" class="subscriber-form-login" dashboard-post-id="8" privacy-page-id="2"]
  Where:

  • dashboard-post-id is mandatory and represents the ID of a Dashboard post type created in the back office.
  • id, class, and privacy-page-id are optional, where privacy-page-id refers to the privacy policy page ID.

• Use the shortcode [comblock_logout] only within the dashboard post type to display the logout link.
  Simple example (without optional attributes):
  [comblock_logout]
  Complete example (with optional attributes):
  [comblock_logout id="logout-link" class="btn-logout"]

• Use the shortcode [comblock_disconnection] within the dashboard post type to display the disconnection link.
  Simple example:
  [comblock_disconnection]
  Complete example:
  [comblock_disconnection id="disconn-link" class="btn-disconnect"]

• Use the shortcode [comblock_user_info] within the dashboard post type to display user information.
  Complete example:
  [comblock_user_info title="Profile Details" fields="display_name,user_email,billing_phone"]

  The fields attribute accepts comma-separated user meta keys. For security, you can control which fields are accessible using the following PHP filters:

  • comblock_login_user_ban_fields: Add keys to this blacklist to prevent them from being displayed, even if requested in the shortcode.
  • comblock_login_user_info_allowed_fields: Use this whitelist to explicitly permit custom meta keys (like WooCommerce or ACF fields).

  Example: How to allow a custom field
  Add this to your functions.php:
  add_filter(‘comblock_login_user_info_allowed_fields’, function($allowed) {
  $allowed[] = ‘billing_phone’;
  return $allowed;
  });

  These hooks enable developers to customize which user data can be displayed via the shortcode while maintaining control over security and privacy.

Security

The plugin implements the following security mechanisms:

• Nonce verification for all critical login and logout actions to protect against CSRF.
• Sanitization of input from login forms to prevent injection.
• Authentication via WordPress’ secure wp_signon() function.
• Strict session cookie management with SSL support.
• Granular control of access permissions based on user roles defined for each dashboard.
• Complete destruction of user sessions upon logout from all devices.