Opened 5 years ago

Closed 10 months ago

#28168 closed enhancement (duplicate)

Registration process is dated, Password emailed in plain text

Reported by: AdamCapriola
Owned by:
Milestone:
Priority: normal
Severity: critical
Version: 3.9
Component: Login and Registration
Keywords:
Focuses:
Cc:
PR Number:

Description

I think the current new user registration process for WordPress is dated. Most websites these days (including WordPress.com) require the user to input a username, email, and password, then make the user activate their account via a link in a confirmation email. Presumably it is a security flaw to email a user their password, which is what WordPress currently does. (During a forgot password request, WordPress does send a unique link to change it though, rather than email the user the password itself, which is good.)

This workflow would also help alleviate the issue of spam accounts registering on WordPress sites, because the accounts could be made invalid until the activation links are clicked. If I enable registration on even my website that gets little traffic, I'll have spam registrations piling up within minutes.
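The activation-link workflow requested above, as an added example that is not part of the ticket and is not WordPress core code: the password is only ever stored as a hash, and the e-mail carries a random, expiring, single-use token instead. The `$pending` array stands in for a database table; the function names, the `example.test` URL and the 24-hour lifetime are assumptions made for illustration.

```php
<?php
// Added example: names, URL and lifetime below are hypothetical, not WordPress APIs.
const ACTIVATION_TTL = 86400; // assumed token lifetime: 24 hours

// Create an inactive account and return the link to e-mail to the user.
function register_pending(array &$pending, string $user, string $email, string $password): string
{
    $token = bin2hex(random_bytes(32)); // 256-bit secret that only appears in the link
    $pending[$user] = [
        'email'      => $email,
        'pass_hash'  => password_hash($password, PASSWORD_DEFAULT), // never stored or mailed in clear
        'token_hash' => hash('sha256', $token), // a leaked table does not reveal usable tokens
        'expires'    => time() + ACTIVATION_TTL,
        'active'     => false,
    ];
    return 'https://example.test/activate?user=' . rawurlencode($user) . '&token=' . $token;
}

// Activate the account if the token matches, has not expired and was not used before.
function activate(array &$pending, string $user, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    $row = $pending[$user] ?? null;
    if ($row === null || $row['active'] || $row['token_hash'] === null) {
        return false; // unknown user, or token already consumed
    }
    if ($now > $row['expires']) {
        unset($pending[$user]); // stale, never-activated registrations are purged
        return false;
    }
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison of the token hashes
    }
    $pending[$user]['active'] = true;
    $pending[$user]['token_hash'] = null; // single use
    return true;
}

// Constructed sample run: wrong token, correct token, then replay of the same token.
$db = [];
$link = register_pending($db, 'alice', 'alice@example.test', 'correct horse battery staple');
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(activate($db, 'alice', 'wrong-token'));
var_dump(activate($db, 'alice', $q['token']));
var_dump(activate($db, 'alice', $q['token']));
```

Accounts that never activate stay unusable and are dropped once the token expires, which is the spam-registration effect the description mentions.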

Change History (5)

#1 @ToasterOven
4 years ago

  • Severity changed from normal to critical
  • Summary changed from Registration process is dated to Registration process is dated, Password emailed in plain text

I have to say this is a bit absurd this has not been updated yet.

Is there any chance of getting this worked on? If I had the skills to make this change I would contribute, :( sadly I can't code.

Thanks, I hope to see this fixed soon!!!

#4 @SergeyBiryukov
4 years ago

#32542 was marked as a duplicate.

This ticket was mentioned in Slack in #core by jacobsantos.


4 years ago

#7 @chriscct7
10 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Fixed in #32428
