Forced change of password every login

  • Hello

    I have tried searching, but cannot find quite what I am looking for. I found some plugin, but they were no longer supported, and not tested with the last Wp-updates.

    I am searching for a plugin (or code whatever) that will force the visitor of my site to change to a new password every time they log-in. Preferably with an 2 factor approval (sorry for my spelling, english is not my first language)

    I need it because I teach people, and in the past unfortunately people have been giving/selling out their login information, so people won’t have to buy it from me.

    So basically they will have to put up with it being annoying, I just want it to be as difficult as possible to share info.

    Thanks in advance!

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Do you want the user to enter a new password? If so, then they can just turn around and sell it. It might be better to modify the password once the user logs in, forcing them to use the “forgot password” link the next time they login.

    The function to change a password is here: https://codex.www.ads-software.com/Function_Reference/wp_set_password

    You’d use that function in an action attached to the user login:
    https://codex.www.ads-software.com/Plugin_API/Action_Reference/wp_login

    This function will generate a password:
    https://codex.www.ads-software.com/Function_Reference/wp_generate_password

    Thread Starter magnail

    (@magnail)

    Hi Steve

    Thank you for your quick reply!

    Hmm I think I need a solution like this scenario: They log in, recieve password in email or by text on the phone, when they exit site, they automatically log out. When they revisit, they will have to change pasword, but need to recieve it, either by text or email again.

    I know that they could sell the info, but if they would have to send the info to the buyer every time, I hope that at least it will make it difficult.

    I will myself tell them, they get fined if selling, and will keep record of ip-adress etc. that way I can sort of monitor the activity. I will also make sure, they will have to use the information I have on them, so no changing e-mail or phone-number, if they don’t change it in my webshop, where they buy products.

    It will be access for people attending classes with me anyway, so they will have an interest in visiting the site often, so completely selling info would be stupid.

    Does this make sense?

    I will have a look at the links you provided for me, thank you for taking the time to answer me, it is greatly apreciated!

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    You really have no way of knowing when they exit the site. I suppose you might be able to do some “heartbeat” sort of thing and trigger an event when it stops, but I’m not sure, offhand, how to do that.

    Thread Starter magnail

    (@magnail)

    hmmmm again thank you very much for replying.

    I hope I can find a solution, that at least let me pretend that I can do all this LOL.

    I appreciate you taking the time to think about my idea. And I really think a combination of some of the things you wrote earlier can get me a bit closer to an almost perfect solution.

    I know I will not always be able to catch cheaters, BUT as my country is very small, everybody talks to everybody, and eventually I will probably be warned. I also believe that most of the cheaters, will be “scared off” by the hassle and the warning about fines…

    I will leave this topic open a bit longer, if somebody else have ideas.

    Regards Karen

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Forced change of password every login’ is closed to new replies.