I want to keep a check if the user has a particular password, so I have been trying it with wp_check_password but the account for which it is checked gets logged out and can't login again till there is a call of wp_check_password in the code. Digging into the code, I found out that it sets the password by using the new hash. and moreover if I am using wp_check_password( 'hello', md5('hello'), 1 );, it doesn't even check what is …
As we know, there is a built-in option in WP to protect a certain page with a password. Under the general settings for the page, I choose to show it only with password and set the password accordingly. When visiting the page, indeed there is a text box for typing in the password and submit button. The problem is that when I type in the password I set (the right one, I swear) and click the submit button, the page …
So I want to apply a theme and style the lost password page without the use of a plugin. I don't want it to show the default Wordpress lost password page. I managed to style the login form by redirecting the URL to the styled version, but I'm lost as to how I can style the lost password page. Any ideas? Thanks!
I use Ultimate Member and classic form for registration. I have enabled "Strong password", but I want my users to at least fill their password with 1 special character (like "# % $ ...") I didn't find any plugin, so I tried to find the good hook and I tried this code : function um_submit_form_register_theme($args) { global $ultimatemember; $password = $_POST['user_password-257']; if ( !isset($ultimatemember->form->errors) ) { if (!preg_match("/\W/", $password)) { $ultimatemember->classes['form']->add_error( 'user_password-257', __('Your password must a special caractere') ); } …
I have been looking for an answer for a few days digging through hooks and actions. I just cane seem to find a way to turn down the strength on the reset password page not sure if its through woo-commerce or WP I have tried the following add_filter( 'woocommerce_min_password_strength', 'reduce_woocommerce_min_strength_requirement' ); function reduce_woocommerce_min_strength_requirement( $strength ) { return 2; } add_filter( 'wc_password_strength_meter_params', 'reduce_strength_meter_settings' ); function reduce_strength_meter_settings( $data ) { return array_merge( $data, array( 'min_password_strength' => 2, 'i18n_password_hint' => 'Change Hint here' …
I am working on a Wordpress installation where we recently decoupled the frontend into a NextJS application that is no longer hosted on the same domain as the admin. We are accessing data etc through the API. That's been fine for non-logged in users viewing posts etc. But recently we realized that the "preview post" functionality has been broken, because users who are logged in on the admin side are no longer logged in on the frontend. So they can't …
I use a .htaccess password protection to secure my wp-login.php. For me as the admin of the WP/WooCommerce installation everything works fine so far (my password manager helps me to remember the tons of passwords). But now I have the problem, that there are are also registered customers which should be able to see their own customer accounts. When these customers want to log out from their account, they click on the link /customer-logout/ (which is in fact just the …
I have a password protected page that i would like to be accessible with a custom link with the password as get variable in url www.domaine.tld/my-page?code=mycustompassword I have found this but this is not working Bypass password protected posts via GET variable Could you pleaser help me to bypass the password form Regards
I'm creating pages in a portal that are all available to the user but every page is password protected. The user will receive an email ea. month with the password for that months page to view the content. By default, Wordpress does the following (this is from their codex page): WordPress will only track one password at a time. Therefore, if two posts use two different passwords, entering the password for post A, then entering the password for post B …
I'm syncing my Wordpress authentication system with an secondary/external authentication system and my site has at least two ways of resetting the password, including: Password reset email User account screen password reset There may be some third way I'm not recalling, as I've disallowed password resets thus far due to my inability to sync the systems. The crux of my question: How can I hook into the password reset prior to hashing so that I can simultaneously set the new …
I am trying to let a user change their password via the API. What it looks like here is that I can send a POST request to the users endpoint with their user ID at the end, sending the new password in the request body as JSON. So, POST to : https://example.com/wp-json/wp/v2/users/123 And in the body: { "password": "mySecretPassword" } In this case, the user is authenticated via JWT and needs to send the token in the header of the …
I am developing my-account page. I set to edit user's info. But. I can't find the exact information about how to check the password before updating user's data. Maybe, wp_check_password() would works.. but I don't know hot to apply. My codes are below. But it doesn't works. Can you give me hand? $current_user = wp_get_current_user(); $user = get_user_by( 'login', $current_user->ID ); $pass_check = esc_attr($_POST['password']); if ( $user && wp_check_password( $pass_check, $user->data->user_pass, $user->ID) ) ) { wp_redirect( get_permalink() . '?validation=passwordincorrect' ); …
I have a Wordpress site set up with download links that either could be set as external URLs or links to media items uploaded to Wordpress. I would like to password protect these, so clicking a download link would prompt you with an input field for a password, and when entering the correct password, you would be redirected to the external URL or the WP media URL. This should not be connected to user authentication, so you should be able …
I'm auto-generating WordPress (5.9.3) sites on a VPS. I could, as part of the generation script, create random strings for the various keys and salts in wp-config.php. However, there doesn't appear to be any unequivocal statement in the docs that this is actually necessary, and various sources appear to state that WP will generate the keys and salts anyway if there are none in wp-config.php. Two questions: If I choose to leave this up to WP, what should I actually …
I'm building a custom login page for clients and wish to keep the wp-login page for site administrators. For checking for empty fields I'm using the code: function verify_user_pass($user, $username, $password) { $login_page = home_url('/login/'); if($username == "" || $password == "") { wp_redirect($login_page . "?login=empty"); exit; } } add_filter('authenticate', 'verify_user_pass', 1, 3); But this is interfering with the wp-login, as it checks to early and redirects to the "client login page" right after landing on the wp-login page. Is …
When trying to reset password with WooCommerce lost-password it 404's. (ex. domain.com/lost-password/?reset-link-sent=true) I see that this issue has recently been reported but I was wanting to see if there is a solution or hotfix in WordPress StackExachange. I think this is a good work around. https://wordpress.stackexchange.com/a/240886
I am trying to use wp_insert_user() to add a user from the custom registration form. The user gets added to the database with a hashed password, but when the user is logged out and tries to use another custom login form to log in the password never matches. Here is the code to add the user: $userdata = array( 'user_login' => $username, 'user_email' => $email, 'user_pass' => $password, 'first_name' => $fname, 'last_name' => $lname, 'show_admin_bar_front' => false ); For login: …
The “Lost your password?” link on the standard WordPress login screen (wp-login) links to /shop/my-account/lost-password/ instead of the WP standard (wp-login.php?action=lostpassword). My website is the following: www.lazonemph.com I use Members plugin and Wocommerce.. 1) How do I set this back to the WP password page? Because right now my user can't reset their password since the lost/password page is blocked by the members plugin. This link works fine: https://lazonemph.com/wp-login.php?action=lostpassword Can you help me with that please? Thank you!
In WordPress, I need to redirect a child page to its parent page. When the parent page has password protection set, the function code I have below also protects its child pages from having a different password on each page. But I need that when a user goes to a child page, it automatically redirects to its parent page so that they enter the password in the form. I currently have this function added in functions.php that displays the same …
I would like to password protect a page on my blog. Wordpress allows me to give one single password to each protected page. Is there a way to create more than one valid password to access that page?