Dangerous plugin

  • edgenx

    (@edgenx)


    11 months, 1 week ago

    Recaptcha fails on login form submission despite successful captcha test. If I hadn’t tested this in a new inprivate window, I could have locked myself out of my admin panel. Crazy dangerous plugin. Also saw a thread 10mo ago where the dev closed the case w/o addressing the issue. Not having any of that.

    Also not sure what this plugin is trying to be. It’s billed as a user registration and login form replacement, which is what I want but it appears to be a complete form design plugin – sort of like wpforms but not as capable. And then I guess it’s also trying to be a membership plugin like Ultimate Member, but not as capable. It’s just really confusing to me.

    All I really want is better security on my user registration, login, and post comment forms. I wanted to do recaptcha on all to cut down on bots and spam because I don’t think Akismet works very well. But I guess I’ll settle for MFA on the login form via WordFence. I hate the way WordPress does all of this so piecemeal and forces us to use a bunch of questionable quality plugins for basic security.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Amrit Kumar Shrestha

    (@shresthauzwal)

    11 months, 1 week ago

    Hi @edgenx ,

    Thank you for taking the time to share your feedback. We’re sorry to hear about your experience with the plugin.

    We’d like to clarify that the User Registration and Membership plugin does not have such issues by default. One of the main limitations of WordPress itself is the potential for plugin conflicts. Based on your description, it seems the issue with Google reCAPTCHA is likely caused by a conflict with another third-party plugin. Did you perform a plugin conflict test to verify this?

    Also, just to clarify — we’re not trying to be WPForms or any other membership plugin. Our plugin’s focus has always been on delivering a clean and flexible user registration solution. The Membership module was added based on high user demand, and it is currently in its early development phase. We are actively working on improvements based on real feedback.

    It also appears that the account used for this review may have been created just to leave feedback. While we appreciate every review, we respectfully suggest that submitting a support ticket instead would have been more helpful for both of us. If we had more insight into the actual issue, we could have resolved or at least guided you appropriately.

    We want to emphasize that we genuinely listen to our users and regularly add features based on real needs and suggestions. If you check our support forum, you’ll see that our team is actively providing support for the free plugin as well.

    So, we sincerely request you to create a support ticket, and we’ll be more than happy to look into the issue and assist you further. Giving us the opportunity to support you directly would be far more productive than a public review without troubleshooting.

    Best regards,

    Thread Starter edgenx

    (@edgenx)

    11 months, 1 week ago

    I feel I need to address your comment about my account having been created just to leave you negative feedback. That is untrue. I just happened to have created the account because I’ve never had the need to leave feedback of any kind and likewise have not had need to comment on other posts. Everyone has to start somewhere.

    And by the way, I see how much you like to use bold to hammer home your points, so I’ll do the same. And since you decided to respond in such a way, I’ll now condemn your plugin/business to everyone in the future if registration/login form replacement comes up. Clearly you are not anyone I would ever want to deal with and certainly would never purchase products from.

    As to your request that I open a support ticket – well, the support request – Google reCaptcha error | ww.wp.xz.cn I referenced in my review that you closed without resolution had three or four other people chiming in to say they have/had the same problem with your plugin which indicates that this is a very common issue. So from your lack of engagement with that thread and then closure to further comments, I assumed that a support request to you would be a waste of time. Maybe it’s not a deficiency of your plugin, and might be (as you stated) a conflict with another plugin. But unfortunately I really wouldn’t be in a position to disable my other plugins or turn off their captcha functionality either.

    I do see a lot of positive reviews for this plugin – many of which I believe to be fake as “great plugin” is not really a review. Others certainly have had a better experience than I had, but that does not mean that my experience should go unreported to potential site owners as I stand by my review and warning that using your plugin COULD break their access to wp-admin.

    My last word on this will be to echo what another person said in the thread I linked above: following the failure of the captcha on my login form, NOTHING AT ALL was logged in your plugin’s log page. That makes troubleshooting very difficult. Perhaps you could integrate some sort of compatibility/conflict check to ensure you don’t break sites, or at the very least make sure something useful is logged on a form failure.

    • This reply was modified 11 months, 1 week ago by edgenx.
    • This reply was modified 11 months, 1 week ago by edgenx.
    Plugin Support Amrit Kumar Shrestha

    (@shresthauzwal)

    11 months, 1 week ago

    Hi @edgenx,

    Thank you for taking the time to share such a detailed response — we truly appreciate it.

    Just to clarify, the use of bold text in our message was not meant to emphasize points aggressively. Instead, it was simply to help make the message easier to scan. While we usually keep our replies brief, in this case, we wanted to address several important points. Since many users tend to skim longer messages, we used bold text to highlight the key information.

    Regarding this topic: https://ww.wp.xz.cn/support/topic/google-recaptcha-error-5 — it appears that additional users commented after the thread was already closed. If the original poster had reopened the topic, our support team would have followed up there. Additionally, the error log shared in the thread clearly indicates that the issue is being triggered by WooCommerce, not by our plugin. This suggests that the problem is likely due to a conflict between plugins.

    We’d also like to gently reiterate that the User Registration plugin, in its default state, does not interfere with wp-admin access or standard login behavior. Most issues of this kind are typically caused by conflicts with other third-party plugins, especially those handling login or CAPTCHA functionality. That’s why we always recommend running a conflict test or reaching out to our support team before drawing any final conclusions.

    Lastly, we’re always here to help in the support forums — and as you can see from other threads, we’ve successfully supported thousands of users through our free plugin. Had you reached out via a ticket, we may have been able to assist you more directly.

    We sincerely appreciate your feedback, even if your experience wasn’t as smooth as expected. Your input helps us continue to improve.

    Best regards,

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Dangerous plugin’ is closed to new replies.