Posts by Webbu

I am owner of Adonis Facebook. And our help documentation is basic simple and easy like see image below. If customer can’t do it what can i do then.

The file is written Well Documented.

ThemePrince said
laranz: because often they even don’t read the included documentation, just upload the whole downloaded ZIP file in wordpress admin!

+1 i am tired of telling people read this.

Send this to your customer Because refund can only make from Envato.

+1 And i feel not in secure while loggining. It is easy to someone crack password and delete items and do much more things. I can prefer something for security;

1. Google’s system is perfect after login second confirmation from mobile phone message. This system is perfect for security.
2. Password recovery option with mobile phone.
3. SSL For admin area and login area
4. Human verification (captcha) on login page.
5. The last thing if someone trying to enter too much wrong password like 5 time or 10 time envato must be log that ip and block for 24 hour.
6. And while changing something like email addres need to confirm before change with email.
7. Even we not have a secret question or something like that

We absolutely need these things. This is just my opinion..

Is Envato thinking to change security level of system?

sushipasta said
Security questions are a waste of time because they’re too easily cracked. Facebook makes it far too easy for an attacker to gain the required info. Captcha’s on logins ONLY after several failed attempts. There is no reason to be adding one unless there is genuine doubt that the user isn’t human.

For security question you are right. And captcha +1 too. Urgently Envato need fix these things.

OrganicBeeMedia said

justinfrench said

jonathan01 said
Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or closed the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed by Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

why not add multiple security credentials(phone numbers, email, pets name etc)

with a company that handles so much of other peoples money you’d think that be in place already

or do login security codes for unknown browsers/ notification if someone logs in from a different browser(similar to how facebook handles it)

+1 And i feel not in secure while loggining. It is easy to someone crack password and delete items and do much more things. I can prefer something for security;

1. Google’s system is perfect after login second confirmation from mobile phone message. This system is perfect for security.
2. Password recovery option with mobile phone.
3. SSL For admin area and login area
4. Human verification (captcha) on login page.
5. The last thing if someone trying to enter too much wrong password like 5 time or 10 time envato must be log that ip and block for 24 hour.
6. And while changing something like email addres need to confirm before change with email.
7. Even we not have a secret question or something like that

We absolutely need these things. This is just my opinion..

morguefile

dnp_theme said
HAPPY NEW YEAR!!

Happy new year to everyone..