[Robin W]

ok, thanks, but sorry I can’t really help further.

I will state again that WordPress handles both registration and login, and as long as you don’t use the login widgets or shortcodes then bbpress should not be involved.

I hope you get a resolution

[chaosfranklin]

I watched tutorials of the setup and see people testing the registration. They showed new users were required to activate their accounts by email.

Unfortunately, I cannot give the url due to the mature nature of the content. I don’t want to get ban.

I am using this plugin to to hide the administration login.

Hide login page, Hide wp admin – stop attack on login page

[lonelydime]

Hello,

I’m running a fresh install of WordPress from the bitnami helm chart using persistent storage on an NFS share. The path used by the containers is /bitnami/wordpress/wp-content/ to pull in plugins/etc. When I install bbPress, all of the css files and js files use the wrong path to include the assets.

Here’s an example:

<link rel='stylesheet' id='bbp-default-css' href='https://example.com/bitnami/wordpress/wp-content/plugins/bbpress/templates/default/css/bbpress.min.css'>

<script type='text/javascript' src='https://example.com/bitnami/wordpress/wp-content/plugins/bbpress/templates/default/js/editor.min.js?ver=2.6.5'>

I haven’t had any issues with other plugins thus far, but for some reason bbPress is wanting to use the full installation path instead of the web root. Is there a way of fixing this with some WP constant that I’m not setting? The installation of wordpress is in /opt/bitnami/wordpress and wp-content/ and wp-config.php are symlink’d to /bitnami/wordpress/wp-content and /bitnami/wordpress/wp-config.php.

I have a temporary fix right now which will be wiped out when bbPress updates.

File: wp-content/plugins/bbpress/includes/core/template-functions.php

function bbp_enqueue_style( $handle = '', $file = '', $deps = array(), $ver = false, $media = 'all' ) {
        // Attempt to locate an enqueueable
        $located = bbp_locate_enqueueable( $file );
        //Ghetto fix
        $located = str_replace('/bitnami/wordpress', '', $located);

function bbp_enqueue_script( $handle = '', $file = '', $deps = array(), $ver = false, $in_footer = false ) {
        // Attempt to locate an enqueueable
        $located = bbp_locate_enqueueable( $file );
        //Ghetto fix
        $located = str_replace('/bitnami/wordpress', '', $located);

[Robin W]

bbpress doesn’t have a ‘your account is activated’ page – something in WordPress is doing this, not bbpress.

[sillyninja]

Hello,

I have installed bbpress on my WordPress website. I have created 4 categories in the main forum, but when I click on the categories, topics do not show on the category. Each category has more than 4 threads.

I saved permalinks too, but it did not work.

[Robin W]

ok, so where are the registering ? ie from what part of your site – I need to understand what is sening the ‘activated’ email.

the incorrect login is fixed by :

bbp style pack

once activated go to

dashboard>settings>bbp style pack>Login Failures

[Robin W]

there is no separate bbpress login. If you login using WordPress on first login bbpress will allocate the role that you have set in

dashboard>settings>forums>roles.

so bbpress does not use a url for login.

so when you say ‘ However, bbpress is using this url for members to login. ‘ where are you seeing this ?

[Robin W]

and this is also a useful discussion

How to Stop WordPress Registration Spam (Plugins and Tactics)

[Robin W]

not tested (I manually approve new users, but that is just because of the type of sites I run) but this might help

Stop Spammers

[Robin W]

bbpress just uses WordPress login, so if you’ve changed the url, just use any WordPress login and ignore the bbpress one.

[Robin W]

bbp style pack

once activated go to

dashboard>settings>bbp style pack>Topic/Reply Form

[Robin W]

ok, without getting heavily involved in coding a solution for you (which is my paid day job 🙂 ) I guess that you have hooked to ‘template redirect’ which fires on everypage, so when WordPress displays the test-page it looks again for a value of topic_id, which on the test page does not exist, so returns zero.

if your code is working in that it redirects to test page, then you could try appending the topic id and picking that up in $_REQUEST

eg (untested)

wp_redirect('/test-page/?topic_id='.bbp_get_topic_id());

and then on test page use the code

if (isset($_REQUEST['topic_id'])) $topic_id = $_REQUEST('topic_id') ;

[Robin W]

easiest way is to use

bbPress Notify (No Spam)

[Robin W]

bbpress just uses WordPress login, so you just need a plugin or code that does that for WordPress

there are several and I have not tried any, but

Home

or if you are into coding

How to Share Logins and Users Between Multiple WordPress Sites

[Robin W]

you will need

Private groups

so once installed create a group called whatever you like

dashboard>settings>bbp private groups>group name settings
then in
dashboard>settings>bbp private groups>assign groups to roles
set subscribers to get the group above
then in
dashboard>settings>bbp private groups>topic permissions
set this to active
Finally for each forum, go into it and set the forum group you set up, and click save
then you will see topic permissions and be able to set this group to only create/edit replies

then all subscribers will only be able to create/edit replies

[Robin W]

this is one of the good and bad things about WordPress plugins.

It is good that they warn you that plugins have not been updated for a long period.

It is bad that it puts people off using perfectly good plugins because the author has had the goodness to release for free useful code to the world, but does not have the time or wish to be involved in supporting it.

But a well written plugin rarely needs changing if it does all that is required.

And since moderation tools hooks to bbpress functions that are long standing and stable, there are no issues I know with this plugin and I suspect it will work for years to come. If it breaks though minor issues, I’d clone it and re-issue.

You can sort of consider the warning a bit like a warranty. You don’t stop using the dishwasher because the year long warranty has run out, you just accept that maybe one day in the future it will stop working. When it does, then you may need to stop using it, but you do not go back to hand washing your dishes just because the warranty has run out on the dishwasher 🙂

If moderation tools stops working, you are no worse off than now. so if you use it for a while and it makes life easier, then that is a bonus.

[cassel]

I do get a few spams but not many. And typically, one member will email me if I didn`t see it, but since I get a notification of all the posts and all the new topics, I usually catch them. My main issue is mostly for those legit posts that end up in the spam. I get the notification they were posted, but not that they were flagged as spam, so I have no way to know to go check in the backend to “un-spam” them.

2. I also use https://en-gb.wordpress.org/plugins/moderation-tools-for-bbpress/ that way the topic or reply does not ‘disappear’ the author sees it as pending, and you get an email so you know to take action.

This plugin might no longer be supported, it seems.

[Robin W]

it is REALLY hard to get a computer to distinguish between real stuff and spam.

This support site uses askimet, but 3-5 spam posts get through each day. many just copy content and add their own url.

my strategy is

1. spam will get through, so unless your bbpress is massively used I use https://wordpress.org/plugins/bbpress-notify-nospam/ to notify me of each post and reply. I can quickly look at it, and if needed delete.
2. I also use https://en-gb.wordpress.org/plugins/moderation-tools-for-bbpress/ that way the topic or reply does not ‘disappear’ the author sees it as pending, and you get an email so you know to take action.

[Robin W]

70% in internet sites worldwide are WordPress ! Every hacker in the world knows how to identify a WordPress site. Probably 90% of sites don’t change the login url, so is this a risk?

The answer is not really.

Every site has to have a login screen, and that is visible to a hacker. If a hacker guesses an ordinary user, then all they get is an ordinary users access, so at worst they can create a post in someone else’s name.

What they are after is the admin user and their password. Then they can install plugins that add files to the site that can be used to say create a sub site that looks like a bank and try and get info from email links. You will have received scam emails with links to dodgy sites where this has been done.

The majority of site owners leave their username as admin, so hackers try and guess passwords based on the site name – so for say the French Horse Society website (if it existed) you might try admin with a password of FHS123 or french01 etc.

In other words they try and guess passwords for sites owners who have set themselves a password they can remember.

If you use a WordPress generated password, then there is no chance that a hacker will guess this or realistically can use software to break the site.

Now hackers use computers to find and target sites – they don’t sit at screens and look at websites.

So if you change your login url, then the ‘robots’ won’t see it, and chances are that they will just move on to another site, rather than search your site for a page that has login on it, but they can do this, so changing the url doesn’t stop this, it just means that you make yourself a lesser target. So it’s a good idea, but not a failsafe

Much more critically you need to have a WordPress generated password for your admins.

I’d also suggest that you look to install the wordfence plugin. This stops multiple attempts to guess password on your site, as well as a load of other security stuff. the free version is fine, and you will get lots of emails from wordfence and some that pester you to upgrade, but it is a great plugin.

Wordfence Security – Firewall & Malware Scan

last of all – don’t get obsessed by this – you website is for you and others to enjoy. Owning a diamond is lovely unless you spend your whole life worried about whether it will get stolen !

[kevvyb]

Just me being dumb. I sort of got frightened byt eh exhortaions I have seen to change the default login url for security reasons and was extrapolating that this needed to be kept relatively secure! But I take your point!

So the main thing is that it is changed. Making me wonder if I should change it to something that is more recognisable as a login but still pretty unique?

I take it that the login url(s) on this site are database generated? Or will WordPress doa similar thing for our site?

[kevvyb]

Thanks for the very quick reply Robin. And for the tips. Not sure I have been very clear. As you say I have changed my admin login from the default for security reasons. When I received the registration email though (presumably from WordPress?) is showed a link to confirm registration that inlcuded my altered wp login url; I don’t really want to be publicising that to everyone who registers for the forum. Is it possibel to avoid this?

Maybe that I am missing soemthing obvious been at it a while today and need to take a break.

[Robin W]

bbpress just uses WordPress registration and login.

bbpress then just assigns the default role on first login that is set in Dashboard>settings>forum>roles if you have that ticked, or you can manually assign if you wish.

Therefore you can ignore anything bbpressy on registration and login, and just use anything that WordPress does instead.

This gives you the ability to utilise plugins such as ‘theme my login’ to give yourself a nice registration and login (there are plenty of other good login plugins, just search around).

It looks like you have already changed the default wp urls – which is great and good security practise, so suggest you just don’t use bbpress login shortcodes or widgets, and let wordpress do your registration and login.

Do come back if you need further help

[kevvyb]

Hi

I have just installed bbPress on my site. I craeted a test user to see how it works. I was horrified to see that the email included a url for registration that is the admin url I use. I have changed this from the default for reasons of security and do not realy want to be sending out my wp admin login url to everyone who registers on the site. Is there a way around this or is it a wordpress thing?

[delta5]

I just found this:

Inline Image Upload for BBPress

[cassel]

I have used this plugin for a long time now: https://wordpress.org/plugins/bbpress-multi-image-uploader/
Although it does not let one post images INSIDE the posts (they only display after the text), it is VERY useful. The problem now, is that the plugin has not been updated in 2 years. It still works, but I was also looking for an alternative.

I will look at Chuckie’s suggestion.