The Admin Panel inside of WordPress enables you to configure how WPS Login will work for you.
You can configure the premium plugin to work exactly how you need it to. Here we will cover all of the settings.
General Settings
Require Minimum Password Strength
You can select from Very Weak, Weak, Medium, Medium Strong, Strong and Very Strong.
This means the user has to create or enter a password that is the minimum complexity you specify here, otherwise it will not be accepted.
We recommend at least Medium-Strong for this setting, but if you want your users accounts to be super secure, you can go all the way up to very strong.
Enable reCAPTCHA V3
By enabling reCAPTCHA V3 inside WPS Login plugin, you will prevent bots and other malicious login attempts on your website.
Bots and other malicious login attempts can be an absolute drain to your website and your web hosting. Enabling reCAPTCHA V3 is just another step in the defence of keeping your website and your user’s accounts secure.
To create a free reCAPTCHA V3 key from Google, click here.
Once you have created your V3 keys, you can simply copy and paste them into the WPS ReCAPTCHA settings boxes, respectively. Once you save the settings, your website will be secured with Google’s reCAPTCHA on any pages the plugin is in use. This is typically the Login Page, Registration Page, Lost Password Page and Reset Password Page.
Enable Show/Hide Password Toggle
If you enable this, a “Show/Hide” button toggle will be available on the pages that contain a password box on the front-end, allowing your user to view the password they have entered. If you are experiencing issues with people “forgetting their password” or an annoyance of users not being able to paste their password in properly, we recommend enabling it.
We recommend enabling this feature at all times.
Logout Redirect Page
From here you can choose the page users will be redirected to after logging out of the system. If you don’t select one (select the first option) then the user will be redirected back to the homepage by default.
Registration Settings
These are the settings that control user registration on your website.
Enable Random Password Generator
This enables a button on the account registration page that will generate the user a really strong and random password to use for their account when they click it. They can choose to add, remove or edit the password generated for them at will to suit them.
Email Verification for New Users
If you enable this (recommended), then the user will receive an email after registration. They must then go to their inbox and verify their account before it is classed as ‘verified’. You can use this feature to ensure spammy accounts, bots and malicious users don’t register on your website.
They will not be able to access any of the website even after login, until they verify their account.
Registration Fields
From here you can configure which fields are shown and required from the user upon signup to your website.
Typical options include First Name, Last Name and Nickname.
In addition to these options, some others are required by default like username and email address.
Login Settings
These are your options for the user login system.
Email Authentication on Login
This is a unique system we have developed which will force your users to two-factor login to their account on your website.
This is a great feature that banks, crypto exchanges and casinos especially, implement into their systems.
This keeps your user’s accounts very secure because not only does the person logging in need to know the user’s credentials such as email and password, but even when they’ve input them, they then need access to the user’s email to get the secure code in order to continue the login process.
We highly recommend you enable this feature.
Redirects
This section puts you in the driver’s seat, letting you control exactly where users go after registering, verifying their account, logging in, or resetting their passwords.
Verification Page (Email Code Entry)
If email verification is enabled in the “Registration Settings,” users are sent here immediately after registration. On this page, they must enter their verification code. You must place the following shortcode on this page:
[wpsuite_verification]
If the user clicks the link in the verification email, they’ll also land here to complete verification.
Post Verification Redirect Page
Once a user successfully verifies their email, they are automatically redirected to this page after a set number of seconds (see next setting). No shortcode is required on this page. Use it as a simple “Thank You” or “Welcome” page to confirm that their account is ready.
Post Verification Redirect Time (seconds)
Set the delay (in seconds) before sending the user to the Post Verification Redirect Page. A value between 3 to 5 seconds works well.
Login Redirect Page
If email verification is disabled, newly registered users will be redirected here immediately. Whichever page you choose as your “Login Page” must include the login shortcode:
[wpsuite_login]
This ensures that after registration, users can immediately log in.
Post Login-Auth Redirect Page
If email authentication is enabled and a user successfully completes it, they are sent here after a short delay. No shortcode is needed. Use this page to let them know that login was successful and direct them onward.
Post Login-Auth Redirect Time (seconds)
How long should users remain on the login authentication page before being sent to the above “Post Login-Auth Redirect Page”? We recommend between 1–5 seconds.
Lost Password Redirect Page
When a user requests a password reset, they will be taken here. Typically, no shortcode is required. This should be a simple confirmation page informing the user that a reset link has been emailed to them.
Reset Password Redirect Page
When a user clicks the link from their reset password email, they are brought here to enter a new password. Unlike what the original setting suggests, this page must contain the following shortcode:
[wpsuite_reset_password]
This shortcode shows the reset form. After they reset their password, the plugin will handle redirecting them automatically to the login page you’ve specified.
Shortcodes
Shortcodes are at the heart of how your users interact with the plugin’s forms. You place these codes inside a WordPress page or post to display the respective forms and actions:
[wpsuite_register]
- Purpose: Displays the user registration form.
- Required On: Your main registration page.
- After Registration Behavior: If email verification is enabled, the user is sent to your Verification Page. If not, they are redirected to your Login Page.
[wpsuite_verification]
- Purpose: Allows users to enter their email verification code to complete the account activation process.
- Required On: The Verification Page you specify in the settings.
- After Verification Behavior: Users are redirected to the Post Verification Redirect Page after the configured delay.
[wpsuite_login]
- Purpose: Displays the login form. If email authentication is enabled, it also prompts for the authentication code.
- Required On: Your main login page (the Login Redirect Page or whatever you designate as your login landing page).
- After Login Behavior: If email auth is required, user goes through the code entry process and then gets redirected to your Post Login-Auth Redirect Page. If not, they are logged in immediately.
[wpsuite_lost_password]
- Purpose: Provides a form for users to request a password reset.
- Required On: Your “Forgot Password” page.
- After Submission Behavior: The user stays on this page and sees a confirmation message that a reset link has been sent. If desired, you can configure a redirect to a confirmation page instead.
[wpsuite_reset_password]
- Purpose: Lets users set a new password after clicking the reset link they receive by email.
- Required On: The page you designate as your Reset Password Page.
- After Reset Behavior: Once the new password is set, the user is automatically redirected to the Login Page.
Email/SMTP
The Email/SMTP settings are crucial for managing how your plugin sends emails. Proper configuration ensures that all transactional emails (like registration confirmations, password resets, and verification codes) are delivered reliably to your users.
Email Configuration
Email Sending Method
- Description: Choose how the plugin sends emails.
- Options:
- Use Built-in WordPress: Utilizes WordPress’s native
wp_mail()
function. - Use SMTP Server: Sends emails through a specified SMTP server.
- Use Built-in WordPress: Utilizes WordPress’s native
Recommendation: We highly recommend using an SMTP Server for improved deliverability and reliability. The built-in wp_mail()
function can sometimes lead to emails being marked as spam or not delivered at all.
From Name
- Description: The name that appears in the “From” field of outgoing emails.
- Default: Your site’s name (e.g., “Your Blog Name”).
- Usage: Customize this to reflect your brand or the specific department handling user communications.
From Email
- Description: The email address that appears in the “From” field of outgoing emails.
- Default: The site’s administrator email (
admin_email
in WordPress settings). - Usage: Ensure this email address is valid and monitored, as users may reply to it or contact you if they encounter issues.
SMTP Settings
These settings are required only if you select “Use SMTP Server” as your Email Sending Method.
SMTP Host
- Description: The hostname of your SMTP server.
- Example:
smtp.gmail.com
for Gmail,smtp-relay.brevo.com
for Brevo. - Usage: Enter the SMTP server provided by your email service provider.
SMTP Port
- Description: The port number used by your SMTP server.
- Default:
25
(commonly used for non-encrypted connections). - Common Ports:
- 587: For TLS encryption.
- 465: For SSL encryption.
- Usage: Refer to your SMTP provider’s documentation to determine the correct port.
SMTP Encryption
- Description: The encryption method for your SMTP connection.
- Options:
- None: No encryption.
- SSL: Secure Sockets Layer encryption.
- TLS: Transport Layer Security encryption.
- Usage: Choose the encryption method supported by your SMTP server. SSL and TLS are recommended for security.
SMTP Username
- Description: The username for authenticating with your SMTP server.
- Usage: Typically, this is your full email address (e.g.,
user@example.com
).
SMTP Password
- Description: The password for authenticating with your SMTP server.
- Usage: Ensure this password is kept secure. Consider using app-specific passwords if your email provider supports them.
Email Templates
With the Header HTML and Footer HTML boxes, you can choose to define a custom HTML header and footer for your email templates sent out by the WPS Login system.
You can also control the styling of the body by using custom CSS inside of here.
Security
The Security settings enable you to safeguard your WordPress site by restricting access to sensitive areas and enhancing user role permissions. These settings are essential for preventing unauthorized access and maintaining control over critical site functions.
Disable Access to /wp-admin/
- Description: Restricts access to the WordPress admin dashboard.
- Functionality: When enabled, users without administrative privileges attempting to access
/wp-admin/
will be redirected to a specified page.
We highly recommend that you enable this to prevent unauthorized users from accessing the WP-ADMIN section. This includes Admins. All users should ideally login only through the WPS Login plugin and verify email authentication with a code (see Login Settings).
Disable Access to wp-login.php
- Description: Restricts access to the WordPress login page (
wp-login.php
). - Functionality: When enabled, attempts to access
wp-login.php
will redirect users to a designated page.
We highly recommend that you enable this to reduce the risk of brute force attacks on your login page.
Redirect Page for Disabled URLs
- Description: Specifies the page to which users are redirected when they attempt to access restricted URLs (
/wp-admin/
orwp-login.php
). - Usage: Choose a page that communicates the restriction, such as an “Access Denied” or “Home” page. This page should not contain sensitive functionalities or shortcodes.
Allowed User Roles to Access Dashboard
- Description: Defines which user roles are permitted to access the WordPress dashboard (
/wp-admin/
). - Functionality: Only users with roles selected here will have access. All others are redirected as per the Redirect Page for Disabled URLs setting.
- Default: Administrators only.
You should only grant dashboard access to specific roles like Administrator and if you have other content editors and authors, you can allow Editors and Authors.
Allowed User Roles to See Admin Toolbar
- Description: Controls which user roles can see the WordPress Admin Toolbar when viewing the site.
- Functionality: Selected roles will see the toolbar at the top of the site. Others will not.
- Default: Administrators only.
We recommend you turn this off for everybody except Admins. No other users, unless Admins or Editors, need to see the WP toolbar on your website.
Logout Redirect Page
- Description: Specifies the page users are redirected to after logging out.
- Usage: Use this to confirm logout success or guide users to a helpful page, such as a “Logged Out” message or the homepage. If no page is specified, users will default to the homepage.
Prevent Direct Access to Plugin Files
- Description: Adds a layer of protection by preventing direct access to the plugin’s PHP files.
- Functionality: Users trying to access plugin files directly will be redirected to the homepage. This safeguard ensures your plugin remains secure.
This is automatically handled by our plugin. Ensure that all plugin files are correctly placed within the WP plugin directory to maintain this protection.