miled / wordpress-social-login

WordPress Social Login
http://miled.github.io/wordpress-social-login/
MIT License
398 stars, 237 forks

Found 2 issues #381

Open wgwien18 opened 3 years ago

wgwien18 commented 3 years ago

First the good part:

Last time I checked for a social login plugin (a few years ago), WordPress Social Login was among my favorites (e.g. for being open source), but because of a missing function I decided on another plugin in the end. Now I checked back and saw that everything works fine now, so I switched to this nice social login tool!

Now 2 issues I found while installing and setting up the tool:

  1. While other social login tools let you "disable external redirects", this option is not yet available in WordPress Social Login. This is a security issue (both for users and for a website's reputation), because theoretically anyone can take the login link and change the redirect link to some malicious site. So users could think they're using a good and trusted domain while being redirected to a bad site. Google recently posted about "open redirects" and that they can be a negative ranking factor (and shouldn't be used) because of the risk that comes along with them. I know that there's an option to allow only one fixed redirect, but this is not a good workaround if you need more or flexible redirects within your site.

  2. It's somewhat good that user images are not saved directly to your own webspace (for privacy and storage space reasons), but on the other hand there's a reason why browsers block external social content (like images loaded via the Facebook graph). So if you want to show a user image (for example within a forum) and Firefox's private mode is used, you don't see the user image, but an empty space. To users this looks like a broken page or function. So maybe it would be better to import user images (if Facebook still allows it) or to show some message (or fallback image) informing users that their browser is blocking the image (and that they can unblock it via browser settings or the address bar).

Please let me know in case that a respective update is available!

wgwien18 commented 3 years ago

One more issue and chance for improvement I just noticed:

In my case - and I think it's the most common case - there's a public page that is like the door to, for example, a forum. And on this page users find a link to log in, which is the WordPress Social Login redirect.

When the user clicks for the first time, he's redirected (for ex. to the members only forum area).

Now the thing is that if a user later wants to access the "members only area" again (no matter through which link on the website) and is still logged in (which is the most common case, as he won't log out each time he changes from the forum section to another section of the website), he's not redirected again; instead he gets a notice that he's logged in and is asked if he wants to log out. There is no way to arrive at the redirect page again (like, for example, the members only area), unless he logs out and uses the login link again (which is probably asking too much and quite a workaround for an everyday user).

I think the normal case should be that the plugin checks whether a user is already logged in, and if so, redirects him to the set redirect page (again).

This is also how things worked in the similar social login plugin I used before switching to WordPress Social Login.

If a user should get a chance to log out, it should be a separate, specific link. It also doesn't necessarily have to be handled by the plugin; a logout link can just as well be set up through normal WordPress. Still, it would be nice if the plugin included some shortcut link that would log the user out of both WordPress and Facebook.

Anyway, it's important that redirects work even if a user is already logged in. It's most practical if a user only needs to log in the first time, and on the next visits just needs to click a button (to arrive at a members only area, for instance).

Thanks for your consideration and hopefully a fix!
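The two points raised in this thread, the open redirect in the first comment and the "already logged in" flow in the second, come down to one decision: before sending a visitor anywhere, validate the requested redirect target against the site's own allowlist, and apply that validated target whether or not the visitor is already authenticated. The following is an added, self-contained PHP example (not code from the wordpress-social-login project) showing that check. The names `validate_redirect_target`, `login_endpoint_action`, `$allowed_hosts` and `$default_target` are hypothetical; the sample URLs are constructed. In a real WordPress plugin the same idea is what `wp_validate_redirect()` / `wp_safe_redirect()` together with the `allowed_redirect_hosts` filter provide, and `is_user_logged_in()` supplies the logged-in state that is passed in here as a plain boolean. The code assumes PHP 8 (for `str_starts_with`).

```php
<?php
// Added example, not part of the wordpress-social-login plugin.
// Defender-side allowlist check for a post-login redirect target, plus the
// "already logged in -> just redirect" flow requested in the second comment.
declare(strict_types=1);

/**
 * Return $candidate if it is a site-relative path or an http(s) URL on an
 * allowlisted host; otherwise return $default. Never returns user input
 * that could leave the site.
 */
function validate_redirect_target(string $candidate, array $allowed_hosts, string $default): string
{
    $candidate = trim($candidate);
    if ($candidate === '') {
        return $default;
    }

    // Control characters and backslashes are rejected before parsing:
    // browsers normalise "\" to "/", so "/\host" can be read as "//host".
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate)) {
        return $default;
    }

    $parts = parse_url($candidate);
    if ($parts === false) {
        return $default;
    }

    // No scheme and no host: accept only a plain site-relative path.
    // "//host/..." has no scheme but is protocol-relative, so it is refused.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $is_relative = str_starts_with($candidate, '/') && !str_starts_with($candidate, '//');
        return $is_relative ? $candidate : $default;
    }

    // Absolute URL: http(s) only, no userinfo ("https://good@other/" would
    // otherwise look like the good host), and the host must be allowlisted.
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $default;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $default;
    }
    $host    = strtolower($parts['host'] ?? '');
    $allowed = array_map('strtolower', $allowed_hosts);
    return in_array($host, $allowed, true) ? $candidate : $default;
}

/**
 * What the login endpoint should do for a visitor. Returns
 * ['action' => 'redirect'|'authenticate', 'target' => <validated URL>].
 * A logged-in visitor is sent straight to the validated target instead of
 * being shown a "you are logged in, log out?" notice; a logged-out visitor
 * is sent to the identity provider, and the validated target (never the raw
 * query parameter) is what the callback should use afterwards.
 */
function login_endpoint_action(bool $logged_in, string $requested, array $allowed_hosts, string $default): array
{
    $target = validate_redirect_target($requested, $allowed_hosts, $default);
    return [
        'action' => $logged_in ? 'redirect' : 'authenticate',
        'target' => $target,
    ];
}

// --- constructed sample inputs (hypothetical site) ---
$allowed_hosts  = ['forum.example.test', 'www.example.test'];
$default_target = 'https://www.example.test/';

$samples = [
    '/members/',                                    // relative path: kept
    'https://forum.example.test/members/',          // allowlisted host: kept
    'https://elsewhere.example/page',               // foreign host: replaced by default
    '//elsewhere.example/page',                     // protocol-relative: replaced
    'https://forum.example.test@elsewhere.example/',// userinfo: replaced
    'javascript:alert(1)',                          // non-http scheme: replaced
];
foreach ($samples as $s) {
    printf("%-48s -> %s\n", $s, validate_redirect_target($s, $allowed_hosts, $default_target));
}

// Already-logged-in visitor clicking the login link: straight to the target.
$decision = login_endpoint_action(true, '/members/', $allowed_hosts, $default_target);
printf("logged in: %s to %s\n", $decision['action'], $decision['target']);
```

The allowlist check is deliberately strict rather than pattern-based: a site-relative path or an exact host match is accepted, everything else falls back to the configured default page. That keeps the "flexible redirects within the site" the first comment asks for while removing the ability to point the login link at a foreign domain, and the same validated value drives both the fresh-login and the already-logged-in paths.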