Controlling Site Access
ActiveMember360 and WordPress Login
There is no need for an ActiveCampaign contact to exist as a user within WordPress prior to their first login.
ActiveMember360 will automatically create a WordPress user if one does not already exist during the successful login process.
For an ActiveCampaign contact to be able to login to your WordPress site they must satisfy the following:
- Exist as a contact within ActiveCampaign.
- Input a password that matches the one stored within ActiveCampaign or WordPress if they already exist as a WordPress user.
- Have at least one of the ActiveCampaign tags used to define a membership in ActiveMember360, Settings, Memberships unless ActiveMember360, Settings, Login, Allow login without a membership tag is set to Yes.
- Not have the ActiveCampaign tag used to ban a contact from logging in to the site as defined at ActiveMember360, Settings, Login, Tag used to ban a subscriber from site.
The only exceptions to the above is if:
- You are using the ActiveMember360 Autologin feature i.e. ActiveMember360, Modules, Autologin is enabled and the autologin link/redirect is from ActiveCampaign, ClickBank, Digistore24, JVZoo or ThriveCart. In such a case a password does not need to exist in ActiveCampaign nor a user in WordPress. Additionally if the autologin is from ClickBank, Digistore24, JVZoo or ThriveCart an ActiveCampaign contact does not need to exist, as upon successful validation of the autologin URL an ActiveCampaign contact will be created by ActiveMember360.
ActiveMember360 also allows a login by a WordPress user who does not exist as a contact within ActiveCampaign.
In order to support the above ActiveMember360 performs it's own authentication process over and above that of WordPress.
ActiveMember360 is hooked in to the standard WordPress login process using the WordPress authenticate filter hook in order to achieve this.
For security reasons a contact should not exist within ActiveCampaign with an email address the same as that of a WordPress administrator user.
The login page for your site can be chosen within ActiveMember360, Settings, Special Pages, Select your login page.
The default WordPress login page is that at
wp-login.php which has it's own login form.
ActiveMember360 also provides a login form that can be used upon any page you chose. It is available using a shortcode, see ActiveMember360, Shortcodes, mbr_login_form. Similarly there is the ActiveMember360 Login Block.
Using any of the listed login methods above is recommended as they are the most robust and flexible. All of the methods will permit a redirect upon login as defined in ActiveMember360, Settings, Memberships. That setting can be overidden by the specific redirect settings of the ActiveMember360, Shortcodes, mbr_login_form and the ActiveMember360 Login Block.
ActiveMember360 is fully integrated with WooCommerce see ActiveMember360, Extensions, WooCommerce. A login using the WooCommerce login form will always redirect to your site's WooCommerce My Account page.
Regarding alternative login forms, for example those from other plugins and page builders, if they use the standard WordPress login process they are likely to work with ActiveMember360. However the redirect upon login will be typically controlled by the other plugin or page builder.
Failed Login Attempt
If the login fails the visitor will be shown a message detailing why. The messages are somewhat generic to prevent unauthorised users from knowing exactly why their login attempt failed.
The messages typically shown are:
- ERROR: Incorrect username/password. - The incorrect username, email address or password was entered.
- ERROR: Sorry, you do not have login privileges on this site. - The ActiveCampaign contact does not have at least one of the ActiveCampaign tags used to define at least one membership in ActiveMember360, Settings, Memberships or ActiveMember360, Settings, Login, Allow login without a membership tag is set to No.
- ERROR: Invalid username, email address or incorrect password. - The incorrect username, email address or password was entered.
- ERROR: An unknown error has occurred during login. Please try again. - A WordPress error occured when attempting to create or update the WordPress user.
Successful Login Attempt
After a successful login the user will either be logged in as a administrator user, local user, or remote user.
The following applies for the remote user.
The logged in user will be immediately redirected in this order of priority:
The redirect on first login as set in ActiveMember360, Settings, Login, Page redirect on first login.
Else the redirect upon login URL as set for the ActiveMember360 Shortcode [mbr_login_form] or the ActiveMember360 Login Block used to login.
Else the Redirect upon login URL as set in ActiveMember360, Settings, Memberships, Redirect on login.
The order of the ActiveMember360 Memberships is important when determining the Redirect on login that should take preference. If the logged in user has the ActiveCampaign tags that define multiple ActiveMember360 Memberships the Redirect on login that applies is that specified for the first ActiveMember360 Membership in the list working from top to bottom that the user belongs to.
Else the site URL as set in WordPress, Settings, General, Site URL.
The logged in user will have access to public content and content to which their ActiveCampaign contact data permits.
After a successful login ActiveMember360 can be configured to run an ActiveCampaign automation defined in ActiveMember360, Settings, Login, Automation to run on login.
Finally if ActiveMember360, Settings, Login, Name of "last login" custom field is set the user login date for the current session will be saved to the chosen ActiveCampaign field.
During a successful login the WordPress user
last_name are always updated to match the ActiveCampaign contact fields
last_name of the contact associated with the WordPress user.
The most important cookie, which is created after a successful login, maintains the link between the WordPress user and the ActiveCampaign contact with the same email address. This cookie
mbr must remain in place.
Please ensure that neither your hosting provider, nor cookie consent plugins or services, are removing the ActiveMember360 cookies, most importantly the
mbr cookie. They are essential for the correct operation of your site.
All ActiveMember360 cookies are removed after a logout from the WordPress site.
The full list of possible cookies all used for functional purposes are: