Product Support

Participant Login

Provides username/password access to edit a Participants Database record.

Product Setup

To configure the plugin for use, start by making sure your “Participant Record Page” is correctly configured by visiting the “Record Form” tab in the main Participants Database settings. This tells the login form which page to go to when the login is accepted.

Setting up the Participant Record Page

Configure the Login Form

On the Participant Login settings page, you can configure the form to show one or two fields that the user will need to fill in to access their editable record. The first field is called the “Username” field, and it is used as the primary identifier. This can be an email address, an ID number of some kind, or really anything that can be used to uniquely identify the user.

The second field is called the “Password” field, but it can also be anything you want. It is usually used to verify the user, especially if the Username field is something that would be generally known, such as an email address. It is also possible to set up the form to use only a single input field by unchecking the “Require Password” checkbox. When this is unchecked, only the Username field will be shown in the form. You might do this if your username field was something only the user would know, such as an ID number.

When selecting the field to use for the password field, it is important understand that “password” type fields store the password in encrypted form, which means an administrator cannot know what the password is. If you need to be able to tell people what their password is, use a text-line field for your password field, then you will be able to look up their password because it will be stored in plaintext.

Create Your Login Page

Once you have configured the login form, you should create a page that will be the login page. On that page, place the [pdb_login] shortcode to show the login form. It is possible to use a custom template for the login form if you need.

This shortcode will accept the following attributes to configure how it looks and works:

  • template for using a custom template
  • record_page to set the page (use the page name or ID) that the user goes to after successfully logging in; that page must have the [pdb_record] shortcode.
  • login_button_text to set the text on the submit button for the login form

Persistent Login

When using the “Extended Access” preference, the user is automatically forwarded to the record edit page from the login page for 24 hours after successfully logging in. This period can be changed using a code filter.


To end the persistent login before it expires, you can use a logout link. You may need to use this if you have users that must have access to more than one record. The logout URL is simply the login URL with “?pdb-logout” appended to it. For example, if your Participants Database login page is at /pdb-login, your logout link would look like this:


If you are not using pretty permalinks, you need to do it slightly differently. For example, if your login page is on a page with an ID of 2034, your logout link would look like this:


Product Settings

Login Form Settings

Username Field

Selects the field that holds the username. This could be an email address, a made-up username, or even a member ID number. If the password is not required, this will be the only field shown. This field should hold a value that uniquely identifies the record. If more than one record matches the value, the first record found will be used.

Username Not Found Feedback Message

Message to show if the username does not match any record.

Require Password

If this is checked, both the username and the password must match an existing record for the login to be accepted. If unchecked, no password will be required, and a correct entry into the username field will take the user to the record edit screen. Be careful with this, it could allow data to be changed by unauthorized persons.

Password Field

This is where you set the field that is used for your”password.” If “Encrypt Passwords” is set (this is the default) only “password” type fields can be selected here. If you deselect the encryption preference, you can use any text field here, but not password fields. If you set this field to “required” (on the Manage Database Fields page) the user will be forced to type in their password when they edit their record. If the field is set to “not required” it will still be required in the login form.

Use Encrypted Password

You have the option to save the passwords as encrypted or unencrypted. If the passwords are encrypted, nobody will be able to know what the actual password is. This is to keep them secure in case of a breach. If you are using encrypted passwords, only a “password” type field may be used as the password field. If this is deselected, you may us any “text” type field for your password field. This may be preferable in situations where keeping the password encrypted is not needed, or if you want to use a regular text field for your password field, such as a member ID or other identifying field value. When deselected, the passwords are stored in plaintext and so will be visible. This would allow an admin to tell a user what their password is, for instance. Important: when changing this setting, you must save the settings twice: once to change this setting, then again to save the “password field” selection.

Login Button Text

This is where you can set the text that is shown on the login form submit button.

Bad Password Feedback Message

Message shown if the password doesn’t match the value in the database.

If checked, a cookie is stored on the user’s browser when they successfully log in, so tha when they are directed to the record edit page, the URL does not show the private ID of the record. This can also be used to allow the user to bypass the login for a while if the setting below is set.

Extended Access

This sets the cookie to stay valid for 24 hours, allowing them to bypass the login for that period of time. This requires the the “Use Cookie” setting be selected as well. When a user with such a cookie visits the Participant Login page, they will be immediately redirected to their record edit screen. The 24-hour period can be changed to another value by using a code filter.

Password Recovery Settings

Provides a way to send the direct link to the user’s record so their password can be changed or recovered. This requires the the “Resend Private Link” functionality in Participants Database be correctly configured. This does not send the password or set a new password, it functions in the normal way for Participants Database: it provides the recipient with a private link to edit their record. They may use that link to change their password if they wish.

Lost Password Form Shortcode

This shortcode is used to generate the lost password form. This setting allows you to customize the shortcode, primarily so that a custom template may be used. the default value here is 

Request your Private Link


Password recovery works by emailing the user a “private link” which can be used to access their record edit page, bypassing the login form. When checked, this setting will change the private ID every time it is used to access the record edit page. This keeps the private link secure because it can only be used once. Don’t use this if your users need to be able to use a static URL to access their record edit page. This setting has the effect of changing the private ID code every time the record is saved.


How does the "brute-force" protection work?

Every time the form is tried, the attempt is recorded with a timestamp and and the user’s IP. If there are over 10 attempts in a hour from a single IP, that IP is not allowed any more attempts for an hour.

Can I change the number of login attempts are allowed before the IP is shut out?

Yes, it quires the use of a filter callback. The number of attempts allowed is filtered by ‘pdb-login_max_attempts’ and defaults to 10. The time within which this number of attempts is allowed is filtered by ‘pdb-login_attempt_timeframe’ and defaults to 1 hour in seconds, or 3600.

What if someone loses or forgets their password?

The plugin uses the “Resend Private Link” function that Participants Database uses. There is a setting to include the link in the login form. If someone doesn’t know their password, when they click the link and enter their identifying information (usually an email) a “private link” is sent to them that they can use to access their record. They can change their password at that time if they wish.

Is there any way to find out what someone's password is?

If you are using encrypted passwords, there is no way to know what the password is. In that case, the user must set a new password. If you are using plaintext passwords, then yes, no problem, the password will be visible to an administrator. The password will also be visible to the user when they edit their record.

How secure is the login form?

The login form provides a reasonable amount of security for non-critical applications. While security is very important to the design and operation of Participants Database, the plugin is not recommended for storing high-value information such as credit card numbers, social security numbers, passwords, etc.

The level of security when using this plugin is largely determined by it’s configuration by the administrator. Security is always a trade-off between convenience and how hard it is to break in. If you opt for convenience, it will be at the expense of security, that’s just how it works.

This plugin is designed to be useful in low-security situations where things link single-field logins and plaintext passwords are desirable. The security can be enhanced by using encrypted strong passwords, and hard-to-guess usernames that are not publicly viewable.

How can I prevent the private ID from being seen in the URL after they log in?

In the Participant Login settings enable the “Use Cookie” setting. Now, when someone uses the login form, they will be directed to the record edit form without any indication of the record ID or private ID in the URL.

Is it possible to direct the user to a different page depending on a value in their record?

Yes, there is a filter that is used to get the URL of the page the user goes to after they successfully log in. The filter is ‘pdb-login_after_validate_submission’ and it passes in the user’s record and whether it was validated or not. (This means this can also be used to change where they go if the login wasn’t valid.)

I have created a simple plugin that demonstrates how this can be done:

Redirect PDB Login

You can download this demo plugin and make the changes needed to work for your situation.

How can I add a CAPTCHA to the login form?

It is possible to add reCAPTCHA protection to the login form if you have the PDb reCAPTCHA add-on installed and working. You need to use a custom template, I have provided an example of the template you can use for this.


You will need to understand a bit about how custom templates are set up, ready this article for the details:

Using Participants Database Custom Templates

Once you have the template in the correct location, you can use that template in the login form with this shortcode:

Support Discussions for Participant Login

  • I am looking to use Participants Database to store information relating to Dog Rescue. The database will only be accessed & updated by wordpress editors of the website. Having difficulty understanding how i can use short codes, when any of the admin will create multiple new records (signup?) so can i use a front end form to create / view / edit new records. Also as i have multiple owner/address fields have setup Field Groups but striggling to understand how i use Field Group Tab to work with them.

    • In order to use the plugin in a controlled access setup like that, you need to control the access to the pages where you are using the plugin shortcodes. You may need to install a plugin that lets you determine which user roles can access certain pages. Then put the plugin shortcode on the controlled-access page.

      For a situation where you have multiple sets of fields that are the same, you need to define each of those fields separately. So, something like “owner 1 name”, “owner 2 name”, “owner 1 phone”, “owner 2 phone” and so forth.

      There are so many ways to set this up, I can’t really tell you how, you just need to dive in and get to know how it works. It’s easy to move fields from one group to another, so you can try different ways to organize the fields unto you get something that works the way you want.

  • We just purchased the Login Add-in and I realized that we did not have a password field in our database. So I added a new field using the manage database fields tab (the database is already populated with about 1000 records) but when I go to select that field in the Particpant login setup (password field) it is not displayed as one of my options. Every other field is displayed but not the one I just added and want to use to store passwords.

    • I didn’t did a good job of explaining ths, but in order to use a password type field, you need to enable the “use encrypted passwords” setting.

      • That worked. As soon as I enabled the encrypted password setting and saved….it auto-selected my password field. Thanks.

  • Hello Roland,

    I was not able to set up this add-on correctly.
    Just to test it I was trying to use the email as an username without asking for a password.
    After I enter an existing email and click to the login button the page just reloads without displaying any records.
    Later I was trying the same thing with Private ID with the same result.
    Is there any settings that I was missing?
    Thanks for the help!

    • Make sure you have the “Participant Record” setting pointing to your page with the [pdb_record] shortcode on it. This is in the Participants Database settings under the “Record Form” tab.

      • Thank you for the help, now it’s working perfectly!

        I was thinking that the login page will reload with the informations of the user, but now it’s clear to me, that this addon will redirect them to the record editing page that has their PrivateID

  • Hi,
    I am wanting each college and student to have their own page with their editable form on. Is this possible with Participants Login and permalinks addons?

    • This is possible. The plugin uses a system of “private links” that are used to access a record in editable form. The private link contains an access code for security. Check the Setup Guide in the plugin admin menu for basic instructions on setting up the plugin.

      The Pretty Permalinks add-on is unnecessary to this function, it just makes the URLs look nicer.

  • Hi Roland
    I have a strange behavour of the password-field which I need for the login procedure:
    I set the field type to “password field” and the validation to “Regex/Match”.
    When the password is empty (just after the registration), the corresponding field on the “Participant Record Page” accepts only the values defined in the Regex-string as expected. But as soon as the correct password has been entered and accepted, further changes to the password are not checked against the Regex any more! (without any error message).
    I tried it with an easy Regex like /^PW$/ too, as well as in a new installation, For a cross check, I defined a pw field as a text-line with the same Regex-String. There it works as epected: Each new input is checked against the Regex, with the appropriate message.
    What I am doing wrong?
    Many thanks

    • Thanks for letting me know about this, I will have to look into the reasons for this and include a fix in the next release.

      In the mean time, you can use Client-Side Validation for something like this.

      • Hi Roland
        With the update of PDb to Version, the behavour mentioned above has disappeared on my installation. I think, you fixed it!
        Thank you

  • Hi Roland
    I tried to customize the login using the template-mechanism, as I did with the pdb-record, pdb-single and others. But i do not succeed, neither using the template folder of the theme nor putting the template into the custom template folder, although there is a pdb-login-default.php file in the login plugin (which seems to be a part of the template-mechanisme).
    What am I doing wrong?
    Many thanks for your help!

    • Yes, the custom templates are working for the [pdb_login] shortcode. The template should be named something like pdb-login-custom.php and then in the shortcode it will be [pdb_login template=custom] This is working in my tests. If that is correct, then I suppose it could be the file permissions? The should be something in the debugging log if it can’t load the template.

      • Hi Roland
        Thank you for your fast answer.
        The error was just a misspelling in the shortcode calling the template!
        Now it works as expected!

  • Hi Roland,
    I need to shows users certain links once their are logged in and not them when they’re not yet logged in.
    For example; I need ‘Sign in’ to be changed to ‘Profile’ once the user is logged in and show them the ‘Sign out’ link wrapped by a button as well.

    How do I do that?

    • It’s important to understand that Participants Login doesn’t provide a persistent login, this add-on only gives them access to their record in editable form, it does not give them any privileges beyond that.

      You can change buttons and things based on whether the user is logged in to WordPress but how you do that is dependent on where it is you want to show the link. Participants Database doesn’t generate the links you’re talking about: they are simply links to different pages with different Participants Database shortcodes, so this is more of a WordPress question.

      If you do intend to link Participants Database record to WordPress users, I have an article that explains how that can be done:

      Using Participants Database with WordPress Users

  • Hi, can I disable the private link to edit a record by the user when I use the participant login plugin?

    • You can’t disable it, but you can remove it from the email template so the user never gets it. The private link is used for password recovery, so if that functionality is disabled, there is no way for the user to get to their record to reset their password.

  • Hi,
    I am thinking of using this plugin to set-up a small database of my contact numbers of Police Stations, Fire Stations etc that can be viewed by our community in case of upcoming emergency or disaster. However,instead of allowing separate individuals to login and input and update their records that would require them to login using their email, i would inquire if it is possible if I can input/update all their details using the admin panel of WordPress or another way is I will be able to input and update all their records based on a single login page that would direct me to the database or to my email address with the link to the page where I can add/edit records.

    In other words, is it possible using a single login page that would direct me to a link thru my email to add and update multiple records.

    thanks in advance. this would help me and my community in getting advance help in case of tayphoons and flooding

    • Hi Darwin,
      Everything you’re asking about can be accomplished in the WordPress admin section for Participants Database, so all you need is an admin login to completely maintain the plugin. The Participant Login add-on here is really only to give a public user access to their record, so it’s not needed for a situation such as yous where you have an administrator maintaining the records.

      Let me know if you have any other questions about configuring the plugin for your use.

  • Hi,
    I’m using the one-time password link reset option, but it doesn’t seem to do anything. When I create a new entry using the signup form, if I use the password reset link once, change the password, then use it again, I get the same URL every time. (I’ve also set the Private ID length at 16, but it seems to max out at 9?)
    I’m not yet using the “use cookie” or “extended access” options. I’ll probably enable them later, I’m still testing now.
    The pages in question are still under development, but I can send a link if there’s a non-public way to do that.
    Many thanks,

    • Are you using the latest version of PDB Login? Should be 1.12

      If you want a PID that is over 9 characters, you need to change the datatype in your database, it is normally set to 9 characters as a VARCHAR(9) datatype. You need to use phpMyAdmin to change the number of characters allowed.

Got a Support Question?

You have to agree to the comment policy.

Would you like to be notified of followup comments via e-mail? You can also subscribe without commenting.