[Robin W]

ok, so where are the registering ? ie from what part of your site – I need to understand what is sening the ‘activated’ email.

the incorrect login is fixed by :

bbp style pack

once activated go to

dashboard>settings>bbp style pack>Login Failures

[Robin W]

there is no separate bbpress login. If you login using WordPress on first login bbpress will allocate the role that you have set in

dashboard>settings>forums>roles.

so bbpress does not use a url for login.

so when you say ‘ However, bbpress is using this url for members to login. ‘ where are you seeing this ?

[Robin W]

and this is also a useful discussion

How to Stop WordPress Registration Spam (Plugins and Tactics)

[Robin W]

not tested (I manually approve new users, but that is just because of the type of sites I run) but this might help

Stop Spammers

[Robin W]

bbpress just uses WordPress login, so if you’ve changed the url, just use any WordPress login and ignore the bbpress one.

[Robin W]

bbp style pack

once activated go to

dashboard>settings>bbp style pack>Topic/Reply Form

[Robin W]

ok, without getting heavily involved in coding a solution for you (which is my paid day job 🙂 ) I guess that you have hooked to ‘template redirect’ which fires on everypage, so when WordPress displays the test-page it looks again for a value of topic_id, which on the test page does not exist, so returns zero.

if your code is working in that it redirects to test page, then you could try appending the topic id and picking that up in $_REQUEST

eg (untested)

wp_redirect('/test-page/?topic_id='.bbp_get_topic_id());

and then on test page use the code

if (isset($_REQUEST['topic_id'])) $topic_id = $_REQUEST('topic_id') ;

[Robin W]

easiest way is to use

bbPress Notify (No Spam)

[Robin W]

bbpress just uses WordPress login, so you just need a plugin or code that does that for WordPress

there are several and I have not tried any, but

Home

or if you are into coding

How to Share Logins and Users Between Multiple WordPress Sites

[Robin W]

you will need

Private groups

so once installed create a group called whatever you like

dashboard>settings>bbp private groups>group name settings
then in
dashboard>settings>bbp private groups>assign groups to roles
set subscribers to get the group above
then in
dashboard>settings>bbp private groups>topic permissions
set this to active
Finally for each forum, go into it and set the forum group you set up, and click save
then you will see topic permissions and be able to set this group to only create/edit replies

then all subscribers will only be able to create/edit replies

[Robin W]

this is one of the good and bad things about WordPress plugins.

It is good that they warn you that plugins have not been updated for a long period.

It is bad that it puts people off using perfectly good plugins because the author has had the goodness to release for free useful code to the world, but does not have the time or wish to be involved in supporting it.

But a well written plugin rarely needs changing if it does all that is required.

And since moderation tools hooks to bbpress functions that are long standing and stable, there are no issues I know with this plugin and I suspect it will work for years to come. If it breaks though minor issues, I’d clone it and re-issue.

You can sort of consider the warning a bit like a warranty. You don’t stop using the dishwasher because the year long warranty has run out, you just accept that maybe one day in the future it will stop working. When it does, then you may need to stop using it, but you do not go back to hand washing your dishes just because the warranty has run out on the dishwasher 🙂

If moderation tools stops working, you are no worse off than now. so if you use it for a while and it makes life easier, then that is a bonus.

[cassel]

I do get a few spams but not many. And typically, one member will email me if I didn`t see it, but since I get a notification of all the posts and all the new topics, I usually catch them. My main issue is mostly for those legit posts that end up in the spam. I get the notification they were posted, but not that they were flagged as spam, so I have no way to know to go check in the backend to “un-spam” them.

2. I also use https://en-gb.wordpress.org/plugins/moderation-tools-for-bbpress/ that way the topic or reply does not ‘disappear’ the author sees it as pending, and you get an email so you know to take action.

This plugin might no longer be supported, it seems.

[Robin W]

it is REALLY hard to get a computer to distinguish between real stuff and spam.

This support site uses askimet, but 3-5 spam posts get through each day. many just copy content and add their own url.

my strategy is

1. spam will get through, so unless your bbpress is massively used I use https://wordpress.org/plugins/bbpress-notify-nospam/ to notify me of each post and reply. I can quickly look at it, and if needed delete.
2. I also use https://en-gb.wordpress.org/plugins/moderation-tools-for-bbpress/ that way the topic or reply does not ‘disappear’ the author sees it as pending, and you get an email so you know to take action.

[Robin W]

70% in internet sites worldwide are WordPress ! Every hacker in the world knows how to identify a WordPress site. Probably 90% of sites don’t change the login url, so is this a risk?

The answer is not really.

Every site has to have a login screen, and that is visible to a hacker. If a hacker guesses an ordinary user, then all they get is an ordinary users access, so at worst they can create a post in someone else’s name.

What they are after is the admin user and their password. Then they can install plugins that add files to the site that can be used to say create a sub site that looks like a bank and try and get info from email links. You will have received scam emails with links to dodgy sites where this has been done.

The majority of site owners leave their username as admin, so hackers try and guess passwords based on the site name – so for say the French Horse Society website (if it existed) you might try admin with a password of FHS123 or french01 etc.

In other words they try and guess passwords for sites owners who have set themselves a password they can remember.

If you use a WordPress generated password, then there is no chance that a hacker will guess this or realistically can use software to break the site.

Now hackers use computers to find and target sites – they don’t sit at screens and look at websites.

So if you change your login url, then the ‘robots’ won’t see it, and chances are that they will just move on to another site, rather than search your site for a page that has login on it, but they can do this, so changing the url doesn’t stop this, it just means that you make yourself a lesser target. So it’s a good idea, but not a failsafe

Much more critically you need to have a WordPress generated password for your admins.

I’d also suggest that you look to install the wordfence plugin. This stops multiple attempts to guess password on your site, as well as a load of other security stuff. the free version is fine, and you will get lots of emails from wordfence and some that pester you to upgrade, but it is a great plugin.

Wordfence Security – Firewall & Malware Scan

last of all – don’t get obsessed by this – you website is for you and others to enjoy. Owning a diamond is lovely unless you spend your whole life worried about whether it will get stolen !

[kevvyb]

Just me being dumb. I sort of got frightened byt eh exhortaions I have seen to change the default login url for security reasons and was extrapolating that this needed to be kept relatively secure! But I take your point!

So the main thing is that it is changed. Making me wonder if I should change it to something that is more recognisable as a login but still pretty unique?

I take it that the login url(s) on this site are database generated? Or will WordPress doa similar thing for our site?

[kevvyb]

Thanks for the very quick reply Robin. And for the tips. Not sure I have been very clear. As you say I have changed my admin login from the default for security reasons. When I received the registration email though (presumably from WordPress?) is showed a link to confirm registration that inlcuded my altered wp login url; I don’t really want to be publicising that to everyone who registers for the forum. Is it possibel to avoid this?

Maybe that I am missing soemthing obvious been at it a while today and need to take a break.

[Robin W]

bbpress just uses WordPress registration and login.

bbpress then just assigns the default role on first login that is set in Dashboard>settings>forum>roles if you have that ticked, or you can manually assign if you wish.

Therefore you can ignore anything bbpressy on registration and login, and just use anything that WordPress does instead.

This gives you the ability to utilise plugins such as ‘theme my login’ to give yourself a nice registration and login (there are plenty of other good login plugins, just search around).

It looks like you have already changed the default wp urls – which is great and good security practise, so suggest you just don’t use bbpress login shortcodes or widgets, and let wordpress do your registration and login.

Do come back if you need further help

[kevvyb]

Hi

I have just installed bbPress on my site. I craeted a test user to see how it works. I was horrified to see that the email included a url for registration that is the admin url I use. I have changed this from the default for reasons of security and do not realy want to be sending out my wp admin login url to everyone who registers on the site. Is there a way around this or is it a wordpress thing?

[delta5]

I just found this:

Inline Image Upload for BBPress

[cassel]

I have used this plugin for a long time now: https://wordpress.org/plugins/bbpress-multi-image-uploader/
Although it does not let one post images INSIDE the posts (they only display after the text), it is VERY useful. The problem now, is that the plugin has not been updated in 2 years. It still works, but I was also looking for an alternative.

I will look at Chuckie’s suggestion.

[Robin W]

Put this in your child theme’s function file –

ie wp-content/themes/%your-theme-name%/functions.php

where %your-theme-name% is the name of your theme

or use

Code Snippets

[Robin W]

hmm – that’s a core WordPress bug.

It has a track ticket, but no date

https://core.trac.wordpress.org/ticket/39251

sorry, best I can do !!

[Robin W]

then use this to allow participants to close or delete topics and delete replies

bbp style pack

once activated go to

dashboard>settings>bbp style pack>Topic/Reply Display

and look at items

17, 18 & 19

[kriskl]

yes,

I have disabled all plugins but BBpress. and changed to WordPress default theme.
with your code
this is what it looks like:

1 2 … 2,843 →
it still shows the last page: 2,843

https://opendev.leetdns.com/forums/

[Robin W]

yes I see 🙂

Put this in your child theme’s function file – or use

Code Snippets

add_filter ('bbp_before_paginate_links_parse_args' , 'rew_pagintion' ) ;

function rew_pagintion ($args) {
	$args['end_size'] = 0 ;
return $args;
}