WordPress.org

Make WordPress Core

Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#44994 closed enhancement (duplicate)

Do not allow same password for Protected Posts

Reported by: szshezan Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Posts, Post Types Keywords:
Focuses: Cc:
PR Number:

Description

Hi,

The default behavior of WordPress is while using a same password for some protected posts, unlocking a single post unlock the others. I think it could be a pitfall sometime.

May be WordPress encourages not to use similar password in more than a post, but let's say there are hundreds or thousands of protected posts and may some of them can have same password by mistake or intentionally.

Please let me know your thinking about this matter. Or, if there is any other alternative(s) not in my knowledge right now, please suggest.

Best,

Shahriar

Change History (5)

#1 follow-up: @mukesh27
14 months ago

  • Component changed from General to Posts, Post Types
  • Keywords 2nd-opinion added
  • Summary changed from Protected Posts those uses the Same Password to Do not allow same password for Protected Posts

Hi @szshezan, Welcome to WordPress Trac!

#2 in reply to: ↑ 1 @szshezan
14 months ago

Replying to mukesh27:

Hi @szshezan, Welcome to WordPress Trac!

Thanks @mukesh27!

#3 @mukesh27
14 months ago

  • Keywords 2nd-opinion removed
  • Resolution set to invalid
  • Status changed from new to closed

Hi @szshezan i have check it and it's good idea to add unique password for Password protected functionality but if we add unique password functionality it break security.

for example i have set one password for one post called "Test 01" with password "testpost@123" and other use from same WP setup try to set password for other post with "testpost@123" then we will show error there so he/she knows that this same password is bind for any other post and this is not good for security purpose.

So i think it is not good to add unique password for each post.

Now going to close this ticket as it not good for security.

#4 @SergeyBiryukov
14 months ago

  • Focuses accessibility removed
  • Resolution changed from invalid to duplicate

Hi @szshezan, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #16483.

#5 @SergeyBiryukov
14 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.