Is there a way to change the temp registration password?

Well for the password to change they must use the profile page which is in the admin panel for default WordPress settings. However, you could create a page for that but that gets tricky and involved and is redundant. You could add a link to their profile page where they can change the password and instruct them to follow that link to their profile page and instruct them to change their passwords for security purposes.

Another option would be to add the password field onto the registration page which you can do with this plugin, that way only they will know it and it won’t be sent over email in plain text, which probably is your concern. To do that just go to the add fields to the registration page and select the Password field along with any others you choose. It will include the password strength meter that comes with wordpress and you can also set your own password strength settings if you choose. This would be the quickest an easiest option in my opinion, if you are trying to do what I think you are doing.

I did that and the password field was perfect and worked really well, but I’m concerned about that being easy for hackers to get into my site if I don’t go through the email step … or isn’t that a problem??

Couldn’t you just make a step in the registration that after they register they get the email link to login https://www.mysite/wp-login.php click it like you do now and goes to the login page just like it does now – only this time it asks for their temp password and allows you to type your new password in twice — adds the new password and then they are registered? I know I’ve done this somewhere. Or maybe it was just a dream.

Patti

Patti,
As far as I know, WordPress currently doesn’t have anything like that, at least that I am aware of. That would require hacking the core more or less and you really don’t want to do that. If the default role for users is subscriber then you shouldn’t have to worry too much about hackers. Sending the email plaintext is just as bad if not worse if you are worried about hackers in my opinion. I am trying to get them to modify the whole login process and add the ability to add a security question and other features like what you are looking for in future updates but the seem more interested in shiny stuff than security for now at least. I will write some code myself and try to get it included in a future update myself so I can incorporate some better security features in my plugin as well.

By the way, that is Windows Active Directory that requires the password change if I recall correctly having to change your password, at least for one instance, I am sure there are others as well as that is a sound security feature and should be part of the core, at least as an option, but they have to cater to those who don’t know much about the web or websites or computers I suppose and don’t want to alienate them or scare them off.

I might be able to come up with something however, after further thought, although it will take some time, maybe a week or two if things go well.
But I am done for the day now, I will start work on that this weekend, you can contact me at my website easier, Creative Software Design Solutions so we can stay in touch and I can keep you updated and get more input from you.

Ok it just seems like it’s combining 2 steps you already have the email that comes with the login link and you click on it and it fills your username and you add your temp password and then why not just let you change your password right there why do you have to go to the admin panel and find the password part and then change your password.

The adman panel, changing your password??? Like one person said it felt like they were in a part of the web site that they shouldn’t be.

In the mean time if you say it’s safe I’ll give the password on registration a try.

Thanks for the awesome plugin it makes me look marvelous!

Patti

I will start work on that this weekend, got a design already worked out, but have to work at my job too, so it will take some time, a week or two like I said. And as far as the password on registration form, that would be fine, as long as the default role for new users isn’t anything above subscriber then you are good. Subscribers can’t do anything to your site even if they wanted too. You can contact me further regarding this at [email protected]

You are just awesome… going to send money so you can keep up the fantastic job you are doing here…
I’m all good no rush on my account.

Patti

Okay, it is updated

I have added that option in the new update.