Hey Martin,
The company that we worked with to implement the two-step forgot password system was concerned about security if a “no username” message came up whenever a username was entered that didn’t exist for a user.
Basically, it could be used to find usernames by brute force entering random ones until there was a match, and then the login form could be used to brute force the password in the same way.
We’ve added an attribute for the “forgot-password” shortcode, “ewd-feup-reveal-no-username”, if you set it to “Yes”, then a “no username exists” message will be displayed if there’s no username instead of the fake success message.
Thread Starter
Martin
(@speechless)
Allright ..
You mean like this?
[forgot-password reset_email_url=’confirm-forgot-password’ ewd-feup-reveal-no-username=’yes’]
If so .. that doesn’t seem to work! The “proceed message” appears in case of writing an email address that doesn’t exist.
/ Martin
Thread Starter
Martin
(@speechless)
Also you need to add a labeling option for message that will appear so the admin can change it into their prefered language! =)
Hi Martin,
I apologize for the confusion, but the shortcode attribute is just “reveal-no-username”. So, you would have to use something like this: [forgot-password reset_email_url=’confirm-forgot-password’ reveal-no-username=’yes’]
Thread Starter
Martin
(@speechless)
Hey!
I copied the shortcake you wrote. It still doesn’t work.
Try it with underscores instead of dashes: [forgot-password reset_email_url=’confirm-forgot-password’ reveal_no_username=’Yes’]
Are you using the latest version of the plugin (2.8.3)?
Thread Starter
Martin
(@speechless)
Yes I am.. Since it was in that version you did the update?
Hi Martin,
Could you provide a link to the page on which this isn’t working?
Thanks
Thread Starter
Martin
(@speechless)
I’ll setup an account for you and will email the account info to your email as I send the translations to!
