Make WordPress Core

Opened 5 years ago

Last modified 17 months ago

#34236 new defect (bug)

Better passwords - differences between setting and resetting password?

Reported by: pavelevap Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3
Component: Administration Keywords:
Focuses: Cc:


1) When user registers on a site, there is notification email "Your username and password info" which contains 2 URL addresses:



Why is there the second URL? Nothing can be done here, only antispam filters can ban this email...

2) When user clicks the first link, new password can be set: "Enter your new password below." But why has button text "Reset Password"? User is not resetting password, but only setting first (new) password. And after submitting, there is text "Your password has been reset."

3) Site admin receives 2 notification emails (for one registration):

  • "New User Registration": New user registration on your site... (same in pre 4.3)
  • "Password Lost/Changed": Password Lost and Changed for user...

So, every site admin receive another notification email with not relevant info, because password was not lost and changed, but created for the first time. For sites with many users, it is surprising and not needed... When user changes its password on Profile page, site admin also does not receive any notification. As I understand it, there is no difference when user set first password or reset lost password? It can be confusing for some users...

4) When site admin adds a new user, custom password can be set. But newly added user does not know about it? User received only standard "Your username and password" email with link to creation of new password: To set your password, visit the following address...

I am not sure, if I understand workflow completely, but it seems to me a little bit confusing...

Change History (1)

#1 @obenland
5 years ago

  • Component changed from General to Administration
  • Version changed from trunk to 4.3
Note: See TracTickets for help on using tickets.