Opened 7 months ago
Last modified 7 months ago
#60529 new defect (bug)
Filter to disable "password reset"
Reported by: | ttodua | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | 2nd-opinion dev-feedback |
Focuses: | | Cc: | |
Description
There is an existing filter, allow_password_reset, which doesn't work as it might sound.
For example, setting that filter to false still allows the "wp-login.php?action=lostpassword" URL to continue to work.
Many people today use 3rd-party authorizations (Google sign-in, Facebook, etc.) and want to have the internal registration/password reset forms disabled.
It would be good to have a filter to disable the "Lost password" capability completely.
(Also, I assumed that if users are allowed to register on the site, then there isn't any point in having "Lost password" disabled, so the check includes whether "registration is disabled".)
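The gap described above can be closed today from a small must-use plugin; the following is an added example, not the patch attached to this ticket and not WordPress core code. It relies on core applying `allow_password_reset` inside `get_password_reset_key()` and on `wp-login.php` firing `login_form_{$action}` before it handles each action; the helper name `example_reset_is_disabled` is hypothetical.

```php
<?php
/**
 * Plugin Name: Disable lost-password flow (constructed example)
 */

// Hypothetical helper: lock the flow only when local registration is off,
// mirroring the condition mentioned in the ticket description.
function example_reset_is_disabled() {
    return ! get_option( 'users_can_register' );
}

// 1. Refuse to issue reset keys. This is all allow_password_reset controls:
//    get_password_reset_key() returns a WP_Error, so no reset e-mail is sent,
//    but wp-login.php?action=lostpassword still renders its form.
add_filter( 'allow_password_reset', function ( $allow, $user_id ) {
    return example_reset_is_disabled() ? false : $allow;
}, 10, 2 );

// 2. Stop wp-login.php from serving the reset screens at all by redirecting
//    every reset-related action back to the normal login page.
foreach ( array( 'lostpassword', 'retrievepassword', 'resetpass', 'rp' ) as $action ) {
    add_action( "login_form_{$action}", function () {
        if ( example_reset_is_disabled() ) {
            wp_safe_redirect( wp_login_url() );
            exit;
        }
    } );
}
```

Keeping the filter in step 1 matters even with the redirect in place, because it also blocks reset keys requested through code paths that never load `wp-login.php`.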
Attachments (2)
Change History (7)
#2
@
7 months ago
Hello @ttodua
It's not good to disable forgot password entirely.
As per your logic, let's say someone created their account with Facebook login while their email is with Google. Somehow they lost their FB account, and due to that they cannot log in on the website. So forgot password will help them to reset the password with the email or username.
Apart from that, I have never seen any website which has social login and so removed forgot password or reset password from the website. All major websites still have both options.
Let's see if anyone else has an opinion on it.
#3
@
7 months ago
@rcreators
Thanks for the input, but I think you misunderstood the point of the topic.
First, there is no judgement whether this is good or bad for someone; the website owners know what's good for them, so the filter will just give them an ability. I nowhere mentioned that "it should be default for all users in the world" :) Even the patch suggests that it's not enabled by default.
Second, if they lose access to their Google account (you emphasize Facebook only, but most sites, like us, use GOOGLE and APPLE logins only) and they can't log in to their Gmail, then what's the point of password reset?
#49860 was marked as a duplicate.