WordPress.org

Make WordPress Core

Opened 17 months ago

Last modified 11 months ago

#37674 new enhancement

Auto-generate password length on Password Reset page cannot be altered

Reported by: achbed Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.6
Component: Login and Registration Keywords: has-patch needs-testing close
Focuses: Cc:

Description

We have a client that is requiring us to remove the auto-generated password from the password reset page. There is currently no way to do this, as the password is generated and placed without any filtering.

The attached patch adds a resetpass-gen-length filter to allow a plugin/theme to alter the password length, and if it is 0 or less, bypass the auto-generation entirely.

Attachments (1)

37674.patch (1.4 KB) - added by achbed 17 months ago.

Download all attachments as: .zip

Change History (4)

@achbed
17 months ago

#1 @achbed
17 months ago

  • Keywords has-patch needs-testing added

#2 @peterwilsoncc
17 months ago

  • Keywords close added

Thanks for the patch.

Weak passwords are difficult to create by design in order to keep WordPress secure.

Additionally, this patch would allow plugins to alter the code to generate a weak password, triggering the difficult UI.

Note: See TracTickets for help on using tickets.