WordPress.org

Make WordPress Core

Opened 18 months ago

Closed 18 months ago

Last modified 18 months ago

#45479 closed enhancement (worksforme)

Display text after lost password request

Reported by: yuluma Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.8
Component: Login and Registration Keywords:
Focuses: Cc:

Description

First i've posted this here https://wordpress.org/support/topic/display-text-after-lost-password-request/ and James Huff sugested to create a bug report.


Current situation with clean install and twenty 17 theme.

Reset password with an email address that exists in the user section
get a text message after reload that a password reset link was send to the given address

Reset password with an email address that doesn’t exist in the user section
get a redirect to the password reset page… nothing else

According to general standards like this, or this I would expect the same response like:

If you have an account with us we’ve send you an email with a link to reset your password.

OR

If WP cares less about security/privacy at least I would expect a text to display with a failed password request. Especially now we know there IS a difference between an existing and non existing email address.

UX Bug
At least we could state that we now have a situation where we do inform the customer and where we leave them in great doubt if anything happened at all. This can’t be good for the users of the sites that work with WP.

Change History (4)

#1 @pratikgandhi
18 months ago

  • Keywords close reporter-feedback added; 2nd-opinion removed
  • Resolution set to worksforme
  • Status changed from new to closed
  • Version set to 4.9.8

Hello @yuluma

Thank you for the question. I have tested it in the WordPress latest version and I got the error message that ERROR: There is no user registered with that email address. in lost password page. can you please give more clarity by giving the screenshot?

Thanks

#2 @ocean90
18 months ago

  • Keywords close removed
  • Milestone Awaiting Review deleted

#3 @yuluma
18 months ago

  • Keywords close added

Thanx @pratikgandhi and @ocean90 for testing. No clue why this happened because when I test today I cannot reproduce.

#guiltyfeeling

#4 @SergeyBiryukov
18 months ago

  • Keywords reporter-feedback close removed

No worries @yuluma, thanks for the follow-up! :)

Note: See TracTickets for help on using tickets.