First the good part:
Last time I checked for a social login plugin (few years ago), Wordpress Social Login was among my favorites (e.g. for being open source), but for some missing function in the end I decided for another plugin. Now I checked back and saw that everything works fine meanwhile, so I switched to this nice social login tool!
Now 2 issues I found while installing and setting up the tool:
-
While in other social login tools you can "disable external redirects", this option is not given yet within Wordpress Social Login. This is a security issue (both for users and a website's reputation), because theoretically anyone can use the login link, and change the redirect link to some malicious site. So users could think they're using a good and trusted domain, while being redirected to a bad site. Google recently posted about "open redirects" and that they can be a negative ranking factor (and shouldn't be used) for the risk that comes along with it. I know that there's an option to only allow 1 fixed redirect only, but this is not a good workaround if you need more or flexible redirects within your site.
-
It's somehow good that user images are not directly saved to the own webspace (for privacy and storage space reasons), but on the other hand side there's a reason why browsers block external social contents (like images loaded via Facebook graph). So if you wanna show a user image (for ex. within a forum) and Firefox' private mode is used, you don't see the user image, but an empty space. This seems to users like a broken page or function. So maybe it would be better to import user images (if Facebook still allows it) or to show some message (or fallback image) to users informing them that their browser is blocking the image (and that they can unblock it by browser settings or address bar).
Please let me know in case that a respective update is available!
First the good part:
Last time I checked for a social login plugin (few years ago), Wordpress Social Login was among my favorites (e.g. for being open source), but for some missing function in the end I decided for another plugin. Now I checked back and saw that everything works fine meanwhile, so I switched to this nice social login tool!
Now 2 issues I found while installing and setting up the tool:
While in other social login tools you can "disable external redirects", this option is not given yet within Wordpress Social Login. This is a security issue (both for users and a website's reputation), because theoretically anyone can use the login link, and change the redirect link to some malicious site. So users could think they're using a good and trusted domain, while being redirected to a bad site. Google recently posted about "open redirects" and that they can be a negative ranking factor (and shouldn't be used) for the risk that comes along with it. I know that there's an option to only allow 1 fixed redirect only, but this is not a good workaround if you need more or flexible redirects within your site.
It's somehow good that user images are not directly saved to the own webspace (for privacy and storage space reasons), but on the other hand side there's a reason why browsers block external social contents (like images loaded via Facebook graph). So if you wanna show a user image (for ex. within a forum) and Firefox' private mode is used, you don't see the user image, but an empty space. This seems to users like a broken page or function. So maybe it would be better to import user images (if Facebook still allows it) or to show some message (or fallback image) to users informing them that their browser is blocking the image (and that they can unblock it by browser settings or address bar).
Please let me know in case that a respective update is available!