Try it out on your free dummy site: Click here => https://demo.tastewp.com/clean-login
Responsive Frontend Login and Registration plugin. A plugin for displaying login, register, editor and restore password forms through shortcodes.
- Add your login form in the frontend easily (page or post)
- And also the registration and the lost password form
- If user is logged in, the user will see a custom profile and will be able to edit his/her data in another front-end form
- One shortcode per form, you only need to create a page or post and apply this shortcode to create each form you want
- Every form created is responsive
- CSS adapted to each theme
- Register form protected with CAPTCHA and Google reCaptcha (as an option)
- Forms are also protected by Honeypot antispam protection
- WMPL ready with oficial certification
- .po/.mo template included
- Many languages included by default
- Auto status checker
- Hide admin bar for non-admin users as an option
- Disable dashboard access as an option
- Standby user role for new user registration. With no capabilities, to allow admin approval of users optionally
- Auto linked forms, if you place a shortcode in a page/post the link between them will be automatically generated
- And yes, this is WordPress 4.6 ready! Also compatible with WooCommerce.
Usage and Settings
Please, refer to Installation section
- Install Clean Login automatically through the WordPress Dashboard or by uploading the ZIP file in the plugins directory.
- Then, after the package is uploaded and extracted, click Activate Plugin.
Now going through the points above, you should now see a new Clean Login menu item under Settings menu in the sidebar of the admin panel, see figure below of how it looks like.
If you get any error after following through the steps above please contact us through item support comments so we can get back to you with possible helps in installing the plugin and more. On successful activation of this plugin, you should be able to see the login form when you place this shortcode [clean-login] in any page or post
Below, the description of each shortcode for use as registration, login, lost password and profile editor forms
- [clean-login] This shortcode contains login form and login information.
- [clean-login-edit] This shortcode contains the profile editor. If you include in a page/post a link will appear on your login preview.
- [clean-login-register] This shortcode contains the register form. If you include in a page/post a link will appear on your login form.
- [clean-login-restore] This shortcode contains the restore (lost password?) form. If you include in a page/post a link will appear on your login form.
Also, in the Clean Login settings page you can check the plugin status as follows:
In this setting page you can also find the way to enable/disable the differents options of the plugin, like below:
Regarding the widget usage, just place the Clean Login status and links widget in the widget area you prefer. It will show the user status and the links to the pages/posts which contains the plugin shortcodes.
Please feel free to contact us if you have any questions.
A post/page need to be created by typing the main shortcode [clean-login] in the content.
When you save or update this post/page you will see the login form.
And also in the setting page [clean-login] entry will be updated pointing to the current post/page which contains the shortcode (and generates the login form):
We would repeat the same process with the rest of shortcodes if we need it:
- [clean-login-edit] to create an edit profile form
- [clean-login-register] to create a registration form
- [clean-login-restore] to create a forgotten password and restore form
- Can I use my email in addition to your username for login? Yes, through WP Email Login.
- Can I modify my Avatar? Clean Login uses your email to get your Avatar from the Gravatar service (from Automattic), but if you want to modify from the WordPress dashboard you can use WP User Avatar.
- Is Clean Login compatible with AJAX-based plugins/themes/queries? Yes, from the version 1.2.6.
- Can I change the sender name from WordPress to my domain name? Yes, through WP Simple Mail Sender.
Contributors & Developers
“Clean Login” is open source software. The following people have contributed to this plugin.Contributors
- Change email now can be handled into the plugin without being redirect to default WordPress profile page
- Ready for WordPress 6.0
- Fixed a bug in restore password controller, thanks to @modernwoe https://wordpress.org/support/topic/customise-notifications/
- Added more complexity to passwords generated when restoring passwords, now they have 12 characters and special characters in order to avoid problems with complexity password checker of WordPress
- Avoid multiple submits in forms if multiple clicks are done, thanks to Gerard Enter for suggesting these two new fixes
- Ready for WordPress 5.9
- Included labels tags in every form to improve accesibility
- Now you can hide the admin bar selecting roles, instead of only admins
- Bug fixed found in 1.12.9
- You can now redirect users after registering
- Force update to 220.127.116.11
- New bug fix in controller created in 18.104.22.168
- Bug fix in controller to allow filter login_redirect works
- Included an eye in password field in login form to make password visible if the eye is clicked and viceversa
- Added optional reCaptcha to login form
- New hooks added to admin email notification
- New hooks added to email validation
- Variable escaped to prevent security problems (fixed the problem generated in previous version 22.214.171.124)
- If url GET parameter is present in a login page, the user will be redirected their instead of any other URL
- Ready for WordPress 5.8
- Added new hooks to override the default admin capability
- Fixed problem in hook with a non accesible variable
- Legacy installations support recovering where the shortcodes are used
- If page with a shortcode used is detected, Clean Login detects it and remove the link
- Fixed problem saving notification new email content
- Fixed problem that display links to not used shortcodes
- Fixed problem with WPML integration
- Fixed problem with login form and failed messages when prevent cache was activated
- More problems fixed in register form
- Different problems solved
- Fixed problem saving some options
- Hide admin bar functionality fixed
- Non-cache method in login page now is optional
- Code improvements
- Fixed bug in login action because of non-cache method
- Included a non-cache method to prevent problems with nonce in login form
- Included more aria-labels
- Nonce in activation emails are calculated in a different way to prevent problems checking them
- In the edit profile form, if you change the email, the standard WordPress change email notification is sent to avoid problems with unwanted changes
- Restore shortcode lost fixed
- Lost fixed widget
- aria-labels now can be translated
- id included in some tags to improve usability
- Code refactorized
- Error updating profile when email is hidden fixed
- Included aria-labels to improve accesibility
- Automatic password generated now it is hidden from url when you are reseting it
- New hooks added thanks again to @harrowmykel
- New hooks added thanks to @harrowmykel
- Nonces added in frontend forms thanks again to @harrowmykel
- Fixed captcha not displaying when register template was overriden thanks to @harrowmykel
- Added nonce in settings form
- Email optional using attribute of shortcode in [clean-login-edit]
- Email headers included instead of using a filter
- Include filter to validate emails with custom rules
- If a shortcode is removed, the url where is it saved is updated
- If a site does not allow register, plugin does not allow use shortcode for register, does not show register link in login form and it shows an error if you try to see a page with register shortcode
- Tested on WordPress 5.3
- Email Notification HTML Tags bug solved. Thanks to unCommons (@uncommons)
- Tested on WordPress 5.2.2
- login_redirect filter included, and MemberPress compatibility ensured.
- Tested on WordPress 5.1.1
- Czech language added. Thanks to Zbyněk Gilar
- Tested on WordPress 5.0.1
- Action hook at the end of successful registration added. Thanks to Daniel Schumacher (@favor-it)
- Unregistering captcha session bug solved. Thanks to Joe (@htjoe38)
- New feature: registration process now distinguish between a wrong e-mail and an e-mail that was already registered with a different account. Thanks to Martin Newman.
- New feature: a string template parameter is now added to the clean_login_register shortcode. Thanks to Martin Newman.
- Session is now not destroyed but resetting the necessary parameter. Thanks to Martin Newman.
- Email notification now support HTML as claimed (Bug solved). Thanks to Adrian Toro (@adrianifero)
- Redirect after login is now working again (partially solved, just commented the suggested code). Thanks to Adrian Toro (@adrianifero)
- Timed hiding of notification element. Thanks to Frede Hundewadt
- reCaptcha bug solved, due to PHP version < 5.3
- reCaptcha bug solved, due to PHP version < 5.5
- Adding the Google reCaptcha option to the plugin. Thanks to Pablo Gómez Margareto (@pablomargareto)
- Norwegian and Spanish languages updated. Thanks to Pablo Gómez Margareto (@pablomargareto)
- Password generation bug solved. Thanks to fouad.z (@fouadz)
- Tested on 4.9
- $_POST sanitizing bug solved. Thanks to tomykas (@tomykas)
- Norwegian language included. Thanks to Pablo Gómez Margareto (@pablomargareto)
- Security exploits fixed, described below. Thanks to Ipstenu (Mika Epstein)
- Sanitize, escape, and validate all POST calls. Bug fixed
- Checked using Nonces and permissions. Bug fixed
- Prevent direct file access for all PHP files. Bug fixed
- Unique function name for all internal functions. Bug fixed
- index.php file (silence is golden) included.
- clean_login_register_session removed, code consequently updated.
- Trying to get property of non-object at clean_login_load_before_headers() function is now fixed. Thanks to rasika17 (@rasika17) for reporting this issue.
- Thumbnail image updated. icon-128×128 and icon-256×256
- Text domain updated to clean-login, https://translate.wordpress.org/locale/es/default/wp-plugins/clean-login
- get_translated_option_page() function bug fixed. Thanks to Ignazio Lucenti
- The third parameter for preg_match_all became optional from PHP 5.4.0. but before it’s mandatory. Fixed! Thanks to Hemant Arora (@hemantkumararora)
- Ukrainian language included. Thanks to Павел Дидыченко @didychenko
- Tested on 4.7
- Bug solved. User Roles are not translated on the frontend. Thanks to @ramzesimus for reporting it.
- Partial support with Black Studio TinyMCE Widget and Shortcode Widget plugins, but one extra shortcode [clean-login] is needed to be include in a page/post. Thanks to Marco Chiesi @marcochiesi
- Bug due to template support is now solved. Notice in the Register Form after 1.7.8 update. Thanks to @ramzesimus
- Potential bug solved, due to variable scope at register-new.php
- WPML redirection fixed. Thanks to @provinciacreative for the feedback
- WPML redirection support for all the pages with clean-login shortcode and for the terms and conditions url. Thanks to Ignazio Lucenti, and also thanks to @webanwendung24
- Template support added. Now the plugin looks for the templates in the “theme_folder/clean-login/” as well. This is very useful to override the look of the content pages and keep this overrides when updating the plugin. Thanks to Ignazio Lucenti
- cl_login_form filter included in the login form (this can be also updated through templates)
- Added filter cl_login_redirect_url to allow overriding the login redirect, thanks to Diego Zanella email@example.com
- Added filter cl_logout_redirect_url to allow overriding the logout redirect, thanks to Diego Zanella firstname.lastname@example.org
- get_currentuserinfo() has been also replaced in all the forms, thanks to @ramzesimus
- wp_enqueue_style unique handle name and dependency, thanks to @ramzesimus
- Tested on 4.6 (beta1)
- get_currentuserinfo() has been deprecated in WordPress 4.5. It is currently replaced by wp_get_current_user(). Thanks to @christer_f for notifying us
- Turkish language updated. Thanks to Mert Eden
- Tested on 4.5
- French language updated. Thanks to thaipop
- ‘Clean Login status and links’ widget markup bug fixed. Thanks to ramzesimus (Роман Перевала)
- Add name and surname in the registration form feature. Feature supported by Jordi Raüll
- Validate user registration through an email. Feature supported by Jordi Raüll
- Name and username as mandatory fields. Feature proposed by Vess Ivanov
- Spanish translation updated
- Catalonian language template (empty) created
- Bug fixed in the login form when using redirections
- Tested on 4.4
- Settings link included in the plugins list
- Redirection feature after registration bug fixed. Thanks to plentyland and davispe for reporting it
- Tested on 4.3.1
- Redirect after login and logout. Feature supported by Juan Manuel Caceres from JC Global Resources
- Spanish translation updated
- Some improvements in the setting page
- Spanish translation updated
- Notify the user registration through the ‘user_register’ action hook. By ensuring, inter alia, the user role registration and MailPoet newsletters compatibility. Thanks to hamlet237
- Bug fixed in the URL for terms and conditions at registration form. Thanks again to hamlet237
- en_US translation created, with the idea of translating default strings 🙂 Thanks to fdkfashiondesign
- Username as email feature. Thanks to Lindsay Macvean
- Single password feature. Admins can simplify the registration process if desired. Thanks again to Lindsay Macvean
- Redirection feature after registration. Thanks once again to Lindsay Macvean
- jQuery cleaned up, and log_me bug fixed. Thanks third again to Lindsay Macvean
- FAQ updated
- Tested on 4.3
- Donation link included
- Spanish translation updated
- Donation link included
- Reflected XSS vulnerability fixed. Thanks to HSASec-Team
- Spanish translation updated
- Clean Login register with mandatory checkbox. Feature supported by Martijn van der Wijck
- Swedish language included. Thanks to Didrik Holstensson Kvist
- Tested on 4.2.2
- Bug fixed ‘query_arg not sanitized at login form’. Thanks to KTS915.
- Spanish translation updated
- .cleanlogin-field-role class added to ensure more flexibility in CSS styling
- Polish language included. Thanks to Jarosław Idzior
- …query_arg()’s have been sanitized to avoid XSS vulnerability
- Registration form shortcode adds standard role capability as parameter, e.g. [clean-login-register role=”contributor”]. Feature supported by Joyce Tan
- Email notification for new registered users with an editable email content, as option in the setting page. Feature supported by Роман Перевала (Perevala Roman)
- Predefined roles by the administrator when a new user is registered with the ability to choose his/her own role, as option in the setting page. Feature supported by Роман Перевала (Perevala Roman)
- Translation included in the restore password email subject
- Translation included in the new user email subject
- Logout link included in default Clean Login Widget
- Bug fixed ‘Notice: Use of undefined constant DOING_AJAX’
- Bug fixed in AJAX queries. Thanks again to Роман Перевала for reporting
- Bug fixed in block dashboard access (as option) related with some AJAX interactions. Thanks to Роман Перевала for reporting
- FAQ section included.
- French language updated. Thanks to Alain Sole
- Tested on 4.2
- Bug fixed in password complexity checker. Thanks to Steve Scofield for reporting
- Russian language included. Thanks to Anastassiya Polyakova
- Hebrew language filename fixed
- Password complexity as option. Passwords must be at least eight characters including one upper/lowercase letter, one special/symbol character and alphanumeric characters. Passwords should not contain the user\’s username, email, or first/last name. Feature supported by Steve Scofield
- “Failed security check” replaced by “Failed security check, expired Activation Link due to duplication or date.”
- Italian language included. Thanks to Walter Priori Friggi
- Persian language included. Thanks to Morteza Rajabzade
- Dutch language included. Thanks to Hans van der Marel
- Improving captcha visibility (higher font size). Thanks to plentyland for the feedback.
- WP Super Cache full compatibility (https://wordpress.org/plugins/wp-super-cache/)
- Brazilian Portuguese language included. Thanks to Filipe Mendes Schüler (@fmschuler)
- Tested on 4.1.1
- German language included. Thanks to Rainer (rainerma)
- Serbian language included. Thanks to Borisa Djuraskovic (from webhostinghub.com)
- Hebrew language updated. Thanks again to Ahrale (from Atar4U)
- Hebrew language included. Thanks to Ahrale (from Atar4U)
- Tested on 4.1
- WPML Certified plugin (http://wpml.org/plugin/clean-login/)
- Danish language included. Thanks to Bkold (Børge Kolding)
- Registration button disabled on submit (with JS, no jQuery to ensure themes compatibility)
- Icon for WordPress dashboard included (for both 128 and 256 px resolutions)
- French language updated from sources (no translation included)
- Simplifying the placeholder in the restore form by ensuring external plugins (which replace strings) compatibility.
- Bug detected: First name and last name of the current user is hidden if the username is hidden by settings. Solved!
- Enabling to permit users to reset their password using their email. Feature supported by KTS915
- The username can be switched off from the preview form. Feature supported by KTS915
- Spanish language updated.
- French language included. Thanks to Blasteur83 (Dylan Lane)
- Prepend all the functions names by ensuring the plugin compatibility and stability. Thanks to dharmashanti
- Tested on 3.9.2
- Output buffering turned on, following the Shortcode API. Thanks to stewarty
- Mistake solved under plugin description. Thanks to WP-Biz (Ryan)
- Demo site URL updated and also the content
- Screenshots updated
- Documentation deleted from index.html and also updated here.
- Banner created
- Screenshots added
- Demo site for testing purposes
- First release