Opened 3 years ago
Last modified 3 years ago
#37674 new enhancement
Auto-generate password length on Password Reset page cannot be altered
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 4.6 |
| Component: | Login and Registration | Keywords: | has-patch needs-testing close |
| Focuses: | Cc: | ||
| PR Number: |
Description
We have a client that is requiring us to remove the auto-generated password from the password reset page. There is currently no way to do this, as the password is generated and placed without any filtering.
The attached patch adds a resetpass-gen-length filter to allow a plugin/theme to alter the password length, and if it is 0 or less, bypass the auto-generation entirely.
Attachments (1)
Change History (4)
Note: See
TracTickets for help on using
tickets.
Thanks for the patch.
Weak passwords are difficult to create by design in order to keep WordPress secure.
Additionally, this patch would allow plugins to alter the code to generate a weak password, triggering the difficult UI.