Opened 10 years ago
Closed 6 years ago
#28168 closed enhancement (duplicate)
Registration process is dated, Password emailed in plain text
Reported by: | AdamCapriola | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | critical | Version: | 3.9 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
I think the current new user registration process for WordPress is dated. Most websites these days (including WordPress.com) require the user to input a username, email, and password, then make the user the activate their account via a link in a confirmation email. Presumably it is a security flaw to email a user their password, which is what WordPress currently does. (During a forgot password request, WordPress does send a unique link to change it though, rather than email the user the password itself, which is good.)
This workflow would also help alleviate the issue of spam accounts registering on WordPress sites, because the accounts could be made invalid until the activation links are clicked. If I enable registration on even my website that gets little traffic, I'll have spam registrations piling up within minutes.
I have to say this is a bit absurd this has not been updated yet.
Is there any chance of getting this worked on. If I had the skills to make this change I would contribute, :( sadly I cant code.
Thanks, I hope to see this fixed soon!!!