
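Overview
Summary:
The Comblock Login plugin implements a complete and secure authentication system on the WordPress frontend. Dedicated shortcodes make it easy to insert login and logout forms, a user information display, and an option to log out of all active sessions into site content. The login process is strictly managed: user input is sanitized, nonce verification protects against CSRF attacks, and authentication uses native WordPress functions, with support for secure session storage and cookie management.
Features:
1. Registers shortcodes for the login form, the logout button, the log-out-of-all-devices button, and the logged-in user display.
2. Secure login management through nonce verification and input sanitization.
3. Custom redirects: to the dashboard after login and to the login page after logout.
4. Multiple dashboards can be created through configuration, with access restricted by user role.
5. A logout function that logs out of all devices at once.
6. Logs errors related to access permissions.
Q&A: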
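<ol>
<li>How do I display the login form?</li>
<ul>
<li>Use the [comblock_login] shortcode; it can be inserted into any page or post.</li>
</ul>
<li>How do I display the logout link inside a dashboard?</li>
<ul>
<li>Use the [comblock_logout] shortcode within the dashboard post type.</li>
</ul>
<li>How do I display the disconnection link?</li>
<ul>
<li>Use the [comblock_disconnection] shortcode within the dashboard post type to display the disconnection link.</li>
</ul>
<li>How do I display user information?</li>
<ul>
<li>Use the [comblock_user_info] shortcode within the dashboard post type to display user information.</li>
</ul>
<li>How does the plugin ensure security?</li>
<ul>
<li>Through security mechanisms including nonce verification, input sanitization, secure authentication via wp_signon(), and strict session cookie management with SSL support.</li>
</ul>
</ol>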
Original plugin description
Comblock Login is a professional and secure frontend authentication system designed to provide a seamless user experience outside the WordPress admin area. Unlike standard login plugins, Comblock allows you to transform your site into a multi-level portal through dynamic Custom Dashboards assigned to specific user roles.
The standout feature of this plugin is the Global Logout (Logout from all devices): an advanced security mechanism that enables users to terminate all active sessions across all devices with a single click, ensuring total protection if credentials are compromised. Every aspect of the login process is fortified with Nonce verification (anti-CSRF) and rigorous data sanitization, utilizing native WordPress core functions for maximum reliability.
With Comblock Login, you can:
* Create multiple private areas by assigning each dashboard to specific user roles (RBAC).
* Manage the entire user journey through dynamic shortcodes (Login, Logout, User Info).
* Protect data privacy by filtering which metadata to display via developer-friendly hooks.
* Monitor site security through integrated logging of access errors and permission violations.
This plugin doesn’t just hide the backend; it creates a secure, tailored ecosystem for your members, ensuring a smooth transition between public content and private dashboards.
Features
Global Session Control: A high-end security feature allowing users to perform a simultaneous logout from all devices, instantly terminating every active session.
Multi-Dashboard Management: Create unlimited and dynamic restricted areas (based on Custom Post Types) by assigning granular permissions based on user roles.
Secure Frontend Login: A complete authentication system integrated directly into your site’s layout via shortcodes, removing the need for users to access /wp-login.php.
Smart Redirect & Access Control: Intelligent management of post-login redirects and automatic content protection, with immediate redirection for unauthorized users.
Bulletproof Security: Advanced protection featuring Nonce (CSRF) verification, input sanitization, and authentication through the secure wp_signon() native function.
Extensible User Info: A dedicated shortcode to display profile data, featuring developer hooks (PHP filters) to customize which meta fields are shown or hidden.
Security Error Logging: Integrated monitoring system that records login errors and permission breaches for total security oversight.
Usage
Use the shortcode [comblock_login] to display the login form. You can insert this shortcode into any page or post.
Simple example (only required attribute):
[comblock_login dashboard-post-id="8"]
Complete example (with all optional attributes):
[comblock_login id="subscriber-login" class="subscriber-form-login" dashboard-post-id="8" privacy-page-id="2"]
Where:
dashboard-post-id is mandatory and represents the ID of a Dashboard post type created in the back office.
id, class, and privacy-page-id are optional, where privacy-page-id refers to the privacy policy page ID.
Use the shortcode [comblock_logout] only within the dashboard post type to display the logout link.
Simple example (without optional attributes):
[comblock_logout]
Complete example (with optional attributes):
[comblock_logout id="logout-link" class="btn-logout"]
Use the shortcode [comblock_disconnection] within the dashboard post type to display the disconnection link.
Simple example:
[comblock_disconnection]
Complete example:
[comblock_disconnection id="disconn-link" class="btn-disconnect"]
Use the shortcode [comblock_user_info] within the dashboard post type to display user information.
Complete example:
[comblock_user_info title="Profile Details" fields="display_name,user_email,billing_phone"]
The fields attribute accepts comma-separated user meta keys. For security, you can control which fields are accessible using the following PHP filters:
comblock_login_user_ban_fields: Add keys to this blacklist to prevent them from being displayed, even if requested in the shortcode.
comblock_login_user_info_allowed_fields: Use this whitelist to explicitly permit custom meta keys (like WooCommerce or ACF fields).
Example: How to allow a custom field
Add this to your functions.php:
add_filter('comblock_login_user_info_allowed_fields', function ($allowed) {
    // Permit the billing_phone meta key for display by [comblock_user_info].
    $allowed[] = 'billing_phone';
    return $allowed;
});
These hooks enable developers to customize which user data can be displayed via the shortcode while maintaining control over security and privacy.
Security
The plugin implements the following security mechanisms:
Nonce verification for all critical login and logout actions to protect against CSRF.
Sanitization of input from login forms to prevent injection.
Authentication via WordPress’ secure wp_signon() function.
Strict session cookie management with SSL support.
Granular control of access permissions based on user roles defined for each dashboard.
Complete destruction of user sessions upon logout from all devices.
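The mechanisms listed above map onto WordPress core calls roughly as in the following sketch. It is an added example, not Comblock Login's own code: the example_login and example_disconnect action names and the example_login_nonce field are hypothetical, and it assumes the forms post to admin-post.php.

```php
<?php
// Added illustration, not the plugin's code. All "example_*" names are hypothetical.

// Login handler for a frontend form posting to admin-post.php?action=example_login.
add_action('admin_post_nopriv_example_login', function () {
    // 1. CSRF: reject the request unless the form's nonce verifies.
    $nonce = isset($_POST['example_login_nonce'])
        ? sanitize_text_field(wp_unslash($_POST['example_login_nonce'])) : '';
    if (!wp_verify_nonce($nonce, 'example_login')) {
        wp_die('Invalid request.', '', array('response' => 403));
    }

    // 2. Sanitization: clean the username; the password is only unslashed,
    //    because altering it would change the secret being checked.
    $creds = array(
        'user_login'    => isset($_POST['log']) ? sanitize_user(wp_unslash($_POST['log'])) : '',
        'user_password' => isset($_POST['pwd']) ? wp_unslash($_POST['pwd']) : '',
        'remember'      => false,
    );

    // 3. Authentication through core; the auth cookie gets the Secure flag on HTTPS.
    $user = wp_signon($creds, is_ssl());
    if (is_wp_error($user)) {
        // Record the failure code only, never the submitted credentials.
        error_log('example_login: failed login: ' . $user->get_error_code());
        wp_safe_redirect(add_query_arg('login', 'failed', wp_get_referer() ?: home_url('/')));
        exit;
    }
    wp_safe_redirect(home_url('/'));
    exit;
});

// "Log out from all devices" handler, reachable only by a logged-in user.
add_action('admin_post_example_disconnect', function () {
    check_admin_referer('example_disconnect'); // dies on a missing or invalid nonce
    wp_destroy_all_sessions();                 // removes every session token of this user
    wp_clear_auth_cookie();                    // clears the cookies in this browser
    wp_safe_redirect(home_url('/'));
    exit;
});
```

Because wp_destroy_all_sessions() deletes the server-side session tokens, auth cookies held by other browsers stop validating on their next request even though those cookies are never cleared.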
