New users email not sending password

Thank you
Wish you could work this out… This wordpress new method is really bad

I think the point is that you don’t want to. This is WordPress’s new security: rather than showing the user their randomly generated password (inherently insecure, I believe), you send them a link to create their own password. This is also probably a better user experience anyway because they can use a password they can remember.

Sean – the POST array doesn’t contain the password anymore. I created loops within loops looking for it, and it doesn’t exist.

This is very bad user experience

https://security.stackexchange.com/questions/17979/is-sending-password-to-user-email-secure

Here is some quick reading.

P.S. I don’t mean to be rude! I hear your complaint, but there are reasons it is the way it is now.

Yes and no. I would love to just ignore the fact that the password is accessable but the fact remains that some plugins allow the user to set their own password as part of the signup process. In situations like this we don’t want WordPress to reset it using a hash and so an email that just tells them their password is better.

That said I agree that it’s not secure to be sending passwords around all over the place. My theory was to include a new field in the settings which looks in REQUEST and people could use it to include anything they wanted. It wouldn’t be insecure because 99% of users wouldn’t use it and those that did would know what they are doing

@pennycan I agree it’s not there. I looked myself but it would only be there if the password field is in the signup form. It would never be in a superglobal if the password was set by WP as part of the vanilla registration process.

I agree it’s annoying as this is a fundamental change but it’s not the first time and it won’t be the last. We had better just deal with it and move on I suppose ??

ta
S

Sivmil,

If you pre-empt the user this will suffice. I added the following text to help improve the user experience :

Password: Click to set (You will be directed to a WordPress login page to reset your password. This is for added security)

Will test that and see how it plays out.

Cheers,
D

Thank you for all the effort!
Actually this is very simple, and more safe.
I’ve changed the text in my email to the new user and added the line:

Click here to create your password: [upme_reset_password]

I’ve tested it and it works well.
Thank you!

Just wanted to say that I installed this tonight and so far it seems to be working well with my tests. Sean, thank you so much for putting it together; it is a major improvement over the standard WP email.

Updated to the new version: required a bit of a rewording, but works just dandy. Request for future update is to be able to change the text of the “click here” link.

Otherwise, this is back to being the top plugin option for a proper welcome email. Thanks for the update!

Thanks.. you can change the click here link. You just use the different shortcode. I think it’s reset_pass_url and you just build your own link using <a href=”[reset_pass_link]…

ta
S

Hmm… I use this & it just creates a link to the standard wp-login.php page:

Username: [user_login]
Password: Please click here to set a password: [reset_pass_url]

What’s the proper shortcode?

Thanks!

I fixed by removing then reinstalling the plugin. Seems to work great now.

Thanks!!!