Hi everyone. For a site I am working on I created front end login and registration forms using ACF’s front end forms functionality. These forms are working perfectly, once again I appreciate all of the functionality ACF offers which makes features like this possible.
As the site is getting close to launching one concern I did have was securing the login registration forms against malicious spamming activity. I noticed the acf_form() function includes the honeypot setting that includes a hidden input field to capture non-human form submission. Are there additional measures I should be incorporating into these forms to deter malicious activity?
Normally I would use a plugin like Login Lockdown with the login form. In my testing it does not look like this plugin (or other similar plugins) are compatible with ACF front end forms, they will only work with the default Word Press login. Is it possible to recreate similar functionality to what these plugins provide through custom code that will be compatible with ACF front end forms?
Should I also include Google reCaptcha with these forms? If yes if anyone has documentation on implementing this that would be much appreciated. If reCaptcha is needed I should be able to figure out the integration myself, I can post code samples here if that would be helpful for others.
Thanks in advance for any suggestions anyone has!
I don’t know of any way to make the login form more secure.
If I needed a custom login form I would more than likely look for a way to customize the WP login form rather than build my own form so that I could take advantage of any plugins that are available to enhance the security of the login form.
