Make WordPress Core

Opened 11 months ago

Last modified 2 months ago

#58312 new enhancement

Display password hint on additional screens

Reported by: petitphp's profile petitphp Owned by:
Milestone: 6.6 Priority: normal
Severity: normal Version: 4.3
Component: Users Keywords: has-patch dev-feedback 2nd-opinion
Focuses: administration Cc:

Description

In WordPress 4.1.0, the function wp_get_password_hint was introduced. This function returns a hint to display to the user when creating a new password.

Currently, it is only used when user go through the "Forget password" steps. This ticket and the PR with it add the password hint to three screens, WordPress install screen, new user screen and user profile screen.

Attachments (3)

install_screen_password_hint.png (150.6 KB) - added by petitphp 11 months ago.
Password hint on install screen
user_add_password_hint.png (54.6 KB) - added by petitphp 11 months ago.
Password hint on new user screen
user_edit_password_hint.png (36.8 KB) - added by petitphp 11 months ago.
Password hint on user profile screen

Download all attachments as: .zip

Change History (17)

@petitphp
11 months ago

Password hint on install screen

@petitphp
11 months ago

Password hint on new user screen

@petitphp
11 months ago

Password hint on user profile screen

This ticket was mentioned in PR #4453 on WordPress/wordpress-develop by @petitphp.


11 months ago
#1

  • Keywords has-patch added

Show passwords hint on :

  • WordPress installation screen
  • new user screen
  • user profile screen

Trac ticket: https://core.trac.wordpress.org/ticket/58312

#2 @SergeyBiryukov
11 months ago

Hi there, thanks for the ticket.

Interesting, wp_get_password_hint() was initially used on all of these screens, but somehow got phased out as part of UI updates. If I had to guess, it was probably to clean up the UI, as the password is now autogenerated by default, and it can be up for discussion if the hint is still relevant in that case.

Some history here:

  • [29962] introduced _wp_password_hint().
  • [30033] renamed it to _wp_get_password_hint().
  • [30940] dropped the underscore prefix.
  • [33023] removed it from the Add New User and Edit User screens.
  • [33246] removed it from the Installation screen.

#3 @petitphp
11 months ago

Hi @SergeyBiryukov

Thanks for looking up history for the function.

Interesting, wp_get_password_hint() was initially used on all of these screens, but somehow got
phased out as part of UI updates. If I had to guess, it was probably to clean up the UI, as the
password is now autogenerated by default, and it can be up for discussion if the hint is still
relevant in that case.

I can see why this could be the case. However, without them, it's really hard to display any kind of info to the user about custom password's validation rules that could exist (mainly in the enterprise context). Currently, the way it can be done is using JS to inject password hint dynamically.

I totally get your point about keeping a clean UI, I'm thinking we could add a new filter to choose if the hint should be shown ?

if ( apply_filter( 'show_password_hint', false ) ) {
    //...
}
Last edited 11 months ago by petitphp (previous) (diff)

#4 @amimulihsanmahdi
11 months ago

I have tested the patch and the password hint appeared, tested for New Install, user add, user edit. Please see the sample screenshot.

Testing Machine: Macbook Air 2020(M1 chip)
PHP version: 7.4.33
WordPress: (WordPress-develop:trunk branch)
https://drive.google.com/file/d/1DOSkzJQRqhUqJRrRu6XMGneEGKQal5iw/view

This ticket was mentioned in Slack in #core by petitphp. View the logs.


11 months ago

#6 @petitphp
8 months ago

Patch refreshed against trunk.

@SergeyBiryukov Do you think the current patch can be merged as is, or should I work on an alternative approach with filters ?

#7 @SergeyBiryukov
8 months ago

  • Component changed from Administration to Users
  • Milestone changed from Awaiting Review to 6.4
  • Version changed from 6.3 to 4.3

Thanks for the refreshed PR! Moving for 6.4 consideration.

The changes from [33023] & [33246] / #32589 were done in WP 4.3, setting the version accordingly.

I wonder if the hint should perhaps only be displayed if a weak password is detected, along with the existing "Confirm use of weak password" checkbox. Curious to see what others think.

#8 @oglekler
7 months ago

  • Keywords dev-feedback added

I think this is a case when we can use Tooltips, but I still didn't manage to move #51006 forward :( Everyone is welcome to help :)

And I agree that better approach will be to show the message if the weak password is detected, this way it will be more noticeable. Possibly it can be marked as other destructive actions. Dedicated ticket: #49714

Last edited 7 months ago by oglekler (previous) (diff)

This ticket was mentioned in Slack in #core by oglekler. View the logs.


7 months ago

#10 @oglekler
7 months ago

This ticket was discussed during bug scrub.

@SergeyBiryukov please provide your feedback on this one. Thank you 🙏

Add props to @mukesh27

#11 @oglekler
7 months ago

  • Milestone changed from 6.4 to 6.5

From my point of view the patch needs a bit of work, so I am moving in into the next milestone to finish.

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


3 months ago

#13 @audrasjb
3 months ago

  • Keywords 2nd-opinion added

In comment:7, @sergey suggested to display it only when a weak password is proposed.
However, I think it would be hardly accessible, and we would probably need to add some a11y.speak fallback… in my opinion we need to choose between display the hint or not.

#14 @swissspidy
2 months ago

  • Milestone changed from 6.5 to 6.6
Note: See TracTickets for help on using tickets.