I wonder if that plugin could be updated without compromising the overall security of our instances:
We don’t have a lot of users or audience and I see that clicking ‘two links’ (one from e-mail and another one from browser) are limiting the successful registering process.
Your intention is to let people enter any email they want and create an account? If that’s really what you want, please don’t. My wife regularly gets emails from schools, libraries, and other places where someone else has somehow entered her first.last@gmail.com email address. As often as not, they won’t believe her when she asks then to stop sending mail.
And that’s just why it’s bad for everyone on the internet. It also means that spammers don’t even need a valid address to create an account.
Bypassing email verification, and subsequently sending emails to an unverified address would compromise your site.
If users enter an address which isn’t theirs, and the true owner subsequently reports your emails as spam, then other legitimate users are less likely to receive the emails from your site.
Lots of email providers visit every link in emails, which resulted in accounts being activated without the email ever being open. Which is way we changed the older flow and put the button in place.
The issue is that clicking on the button once is too much friction? Social logins are a way around that.
Social login needs social media account and our audience aren’t close to social media, we like to self-host because we value our privacy (when it’s possible).
We recieve a lot of questions about the activation, I suspect because today almost everything are working with sign-in codes or single clicks.