Worried about being suspended

Website URL

https://jpress.ct.ws

Error Message

[Not an error, a worry]

Other Information

My JPress WordPress Site uses a custom Login/Register Page because of the following:
-I can’t send E-Mails from the servers
-I believe in E-mail-Free Registry, where a user of my Site doesn’t have to share any personal information to the owner of the site.

How it works:
-If user is registering, User inputs UserName and their Password. Both are stored in the Site’s WordPress Database, along with a “Dummy E-Mail” to comply with WordPress registry. [Example is [email protected]]
-If user is Logging In, User inputs UserName and their Password, which is checked with the Database for authentication.

I was planning on adding a Password Recovery System, where an Admin like Me sets a User’s password to a Reset Password detected in the Login Page, and allows the user to set a new password, but before I continue with that, I ask:

Am I violating any TOS with my Custom Login/Register Page on my WordPress Site?

After reading various Topics on your Forums, I became worried that my Account would be suspended, and since I am a new user, I don’t want to experience this.

If I am violating any TOS, I am willing to resolve the issue without a fight. I would like to stay in good standing with your Services, and if I am not, I am willing to perform any actions to return my position to good standing.

Thanks in advance,
-Jri-Creator

No, that’s not an issue, just make sure you are encrypting password for security reasons.

For email, free hosting does not support the mail() function, but you can still use SMTP

6 Likes

I believe in a web environment that involves sharing as little data as possible. Thank you for your support. For passwords, these passwords are encrypted by my WordPress Installation. Since I don’t require User E-mails, I don’t have to worry about that.

I can see some practical downsides of your registration system (I don’t understand how your recovery system works), but ToS-wise I don’t see any problem with it.

Please note that mail.com is an actual email service, and [email protected] might be someone’s email address. Using a dummy email is fine, but I strongly recommend to pick something that you can be absolutely sure can never be used as a real email address. Because if this became known, and somehow email sending from your website would work, you’d have a massive account takeover exploit in your site.

Again, not a ToS issue, but something you may want to be careful with.

5 Likes

Thank You! So, if I was setting a Dummy E-mail, I shoud set something like [email protected] ?

Also, with the recovery system, A Site Admin (like Me) would goto a locked WordPress Page visible to only Admins, Enter a UserName into the reset field, then it sets the password to a reset one. When the Login PHP detects this reset password, then the User would be asked for the New Password, which would then be set in the database.

This is a form of account protection in my opinion. No one could (theoretically) steal a User Account, and since I prefer a Personal-Info-Free environment, it’s the most secure. I ensure that the reset is done right, if it need to be done.

The downside to that is if somebody figured that out and registered that domain. I would recommend you create a subdomain of your own site’s hostname (such as nothing.jpress.ct.ws) and then never configure it to receive email. That way you know it will never be a valid email hostname (unless of course you ever change the URL of your site, but you can reconfigure it at that point).

Also I found this WordPress plugin that can disable sending emails entirely, though I’m not 100% sure if it meets your use case or not.

If I understand it correctly, I think the idea is that OP or another site admin could manually reset a user’s password by changing it to a dummy password, which the user could then use to change their password to a new one. I don’t know how OP would go about verifying a user’s identity without email, but considering they’ve come this far with the custom registration system, I would guess they’ve figured something out.

3 Likes

Dummy password is detected by my Login page Script, and allows the user to reset the password that way.

I would set the dummy email to something you have control over, like “[email protected]

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.