Opened 5 years ago
Closed 2 months ago
#37674 closed enhancement (wontfix)
Auto-generate password length on Password Reset page cannot be altered
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.6 |
| Component: | Login and Registration | Keywords: | has-patch |
| Focuses: | Cc: |
Description
We have a client that is requiring us to remove the auto-generated password from the password reset page. There is currently no way to do this, as the password is generated and placed without any filtering.
The attached patch adds a resetpass-gen-length filter to allow a plugin/theme to alter the password length, and if it is 0 or less, bypass the auto-generation entirely.
Attachments (1)
Change History (6)
This ticket was mentioned in Slack in #core-test by hellofromtonya. View the logs.
2 months ago
#5
@
2 months ago
- Keywords needs-testing close removed
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
I am going to close this out as a wontfix. As @peterwilsoncc mentioned, it's intentionally difficult to create weak passwords. Regardless, I think adding a filter as suggested in #40046 would be a better solution rather than a lone filter in wp-login.php.
It's also worth noting that there is a random_password filter that could be used to just return an empty string. While this is absolutely not an endorsement of that, it would probably accomplish what you are trying to do.
Thanks for the patch.
Weak passwords are difficult to create by design in order to keep WordPress secure.
Additionally, this patch would allow plugins to alter the code to generate a weak password, triggering the difficult UI.