I tried finding a solution to my question, but I cannot find this topic anywhere. It's a serious security problem.
I was testing my ability to register to my forums. The registration email has a link to my admin-reset/set password page instead of the forum's community/password page.
How can I change the registration email to provide a link to the forum instead of my admin-password page?
Please set "Yes" the "Replace Reset Password Page URL to Forum Reset Password Page URL" option in Dashboard > Forums > Settings > Features Tab.
Let me explain what's going and why there is point to search support or solution here.
1. First, I want to ask you to deactivate wpForo temporarily and check the new user registration email with the native WordPress user registration form or with other plugin which provide user registration option. You'll see the same result. wpForo has nothing to do with that URL and with this problem. Because all WordPress plugins uses WordPress core user registration system. When you register a new user, it generates password reset URL which MUST refer to WordPress admin system, because the function is located in WordPress admin files not in wpForo or BuddyPress files. As a result, the default URL is this:
https:// example.com /wp-login.php?action=rp&key=UKmkkTcAH2&login=WPDiscuz%20Test
This URL includes the activation key, and it MUST be referred to WordPress admin file or directory to be processed. There is not any file in any plugins that can activate the user and complete this request. That's why when you hide the admin area it still refers to your new e.g. /myx-admin/ folder:
https:// example.com /myx-admin/?action=rp&key=UKmkkTcAH2&login=WPDiscuz%20Test
2. The user activation and reset password link generator is the plugin which hides your admin page, neither wpForo nor BuddyPress has any influence on this. So they have no chance to change it. Even if you use the native WordPress registration form it'll still send the URL with hidden admin folder. So this plugin is designed for websites where the User Registration is turned off.
3. There is only one solution, which is provided by wpForo. You should disable the registration with email confirmation by disabling "Registration with Email Confirmation" option in Dashboard > Forums > Settings > Features Tab. This will add password fields in the registration form and make it one step registration. You can enable reCAPTCHA in Forums > Tools > Antispam Tab to protect the form and install Akismet plugin. It's well integrated with wpForo too.
4. Contact the "Titan Security" plugin support team, and ask them for some suggestion and advice.
did you find a workaround for this as I am also having similar issue with WP Cerber security plugin