Hello there,
firstly, congratulations on the great plugin!
I wanted to let you know about an unwanted behaviour I encountered while running ASE on an eCommerce website.
Conditions:
- ASE’s “Change Login URL” feature set and running
- WooCommerce’s login/registration form present on front-end pages
- a user fails the login due to wrong password entry
Behaviour:
- upon failed login on front-end WooCommerce’s account form, the customer is redirected to the backend login screen, instead of reloading the WC front-end account page showing WC’s error notification
Concerns:
- bad UX
- this behaviour actually exposes the backend login’s URL with custom login’s query string parameter visible
To reproduce the issue, my current configuration is:
- ASE Pro v 7.1.2 (upgraded from free version, issue already present there)
- WooCommerce v 9.0.2
- Wordfence v 7.11.6 with:
  - Brute Force Protection enabled
  - WooCommerce integration disabled
  - Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, and the WordPress REST API enabled
Lastly, I'd like to point out that the issue should not be theme related (although I’m running a premium ThemeForest theme), since I deactivated ASE’s “Change Login URL” feature and rolled back to using the WPS Hide Login plugin, which works fine and does not cause the unwanted redirection (also with the Wordfence setup as described).
Hope you can find a solution to this, guys.
Regards,
Luigi