I have done just that.. I am ONLY using the social logins now... thank you... everything else did not seem to work.. but I like the site code thing... just is that I would have to somehow let people know ahead of time what that is and I can't do that when I'm not there.... so THIS is best... just using social logins... thank you SO much, EVERYBODY that replied to this.. I APPRECIATE all of you very very much! Thanks! come join my site at XLOG 2.1 | PHOENIX and see if you like it!
@acientspark
You're most welcome. As for informing people about using the site code, you can do that by editing the language files. for example, If you go to mod/elgg_social_login/languages/en.php you could change "Or connect with" to "Connect with" If you just look in the language files in mods and elgg, you'll recognise the messages and will be able to change them to your liking.
I'd seriously consider getting an ssl certificate tho'.
Dead or not captchas can still help. I'd like a generic hook and view API for consuming captcha services on Elgg sites, then you could add captcha provider plugin(s). (could allow multiple in times of desperation)
Re: social logins, these plugins should allow disabling a new account until a captcha solve. Better would be to present the captcha just before creating the account, but this complicates the coding a bit (have to store profile data in SESSION while captcha attempts are made). In the short term my team is working on integrating recaptcha with facebook_connect.
Another simple place for a captcha would be just before email validation. It would be easy to code because only the validation token needs to persist while the captcha is being solved.
Do the social logins all bypass User Validation by Email?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.