Is it still possible to send passwords in New account created emails?

  • Resolved prwordpressorg

    (@prwordpressorg)


    2 years, 9 months ago

    Hi,

    I have trouble sending people automatically created passwords in their emails.

    In WooCommerce settings, I have a checkmark at ?Create user password auttomatically“, each new client is therefore assigned a password automatically.

    Then, in the Customer new account email, I had a line

    Your password has been automatically generated: %s

    However, instead of the showing the password, the appropriate part of the Customer new account email that customers get contains instead a link to reset their password, not the password itself.

    After investigation, I found that WooCommerce has changed the code for serving the password in 6.0:

    OLD CODE

    <?php if ( 'yes' === get_option( 'woocommerce_registration_generate_password' ) && $password_generated ) : ?>

	<p><?php printf( __( 'Your password has been automatically generated: %s', 'woocommerce' ), '<strong>' . esc_html( $user_pass ) . '</strong>' ); ?></p>

<?php endif; ?>

    NEW CODE (Since WooCommerce 6.0)

    // Only send the set new password link if the user hasn't set their password during sign-up.
if ( 'yes' === get_option( 'woocommerce_registration_generate_password' ) && $password_generated && $set_password_url ) {
	/* translators: URL follows */
	echo esc_html__( 'To set your password, visit the following address: ', 'woocommerce' ) . "\n\n";
	echo esc_html( $set_password_url ) . "\n\n";
}

    Is there something I can do to actually send the password to the customer in the Customer new account email … or do I need to find another way?

    Or has the ability to send people their passwords been deprecated?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter prwordpressorg

    (@prwordpressorg)

    I did find out the details of this change and yes, the password has been removed from the Customer new account emails from WooCommerce 6.0.

    Is there a way to still give the customer an automatically created password immediately in this email… instead of making them jump through hoops?

    Because if not and all customers are forced to create their own passwords, this will be a reason for many site owners slowly abandoning WooCommerce:

    Forcing customers to do things they don′t want to (click on link, enter their email again, wait for the reset email, click on link, enter password, save, go to login page)… instead of just giving them the password immediately and let them log in… is bad for business.

    I understand the security issues for some businesses. But there are hundreds of thousands of “simple” businesses where customers just want to jump in, buy the thing and leave.

    Making them go though so many steps just to buy again (they need a password) or even log in to their purhase is killing a significant part of business.

    Hi @prwordpressorg

    When a user is created, it uses the woocommerce_created_customer hook, you may need to check inside this hook for the unhashed password.

    For security reasons, I’d not recommend trying to unhash a password and also sharing it as plain text inside the email, but since it may be a fairly complex development topic. I’m going to leave it open for a bit to see if anyone can chime in to help you out.

    I can also recommend the WooCommerce Developer Resources Portal for resources on developing for WooCommerce.

    You can also visit the WooCommerce Facebook group or the #developers channel of the WooCommerce Community Slack.

    We’re lucky to have a great community of open-source developers for WooCommerce, and many of our developers hang out there, as well.

    All the best,

    Thread Starter prwordpressorg

    (@prwordpressorg)

    Hi @chiape,

    thanks fo the reply.

    Upon reading your answer and re-reading my question, I now feel that there could be two ways of understanding my question, so let me clarify:

    To make the purchasing experience in my WooCommerce store as smooth as possible (the less fields they have to fill out in the checkout the better), I did not force customer to create a user account and create a password.

    Instead, I have the settings of my WooCommerce store set so that it automatically creates a user account and automatically (checkmarks on both in WooCommerce settings).

    And I then include this information in the email the customer gets after creating the account (the Customer new account created email). In it, I say: To log in, use XXX as your ID and YYY as your password. (Using the {user_pass} field).

    This worked until WooCommerce 6.0, but now the email (unchanged) says (in the place where the password was shown before): “To get your password, click here” (and take them to the password request/reset page.

    I am not trying to unhash a password the customer has created himself and show it to him again. (As you might have possibly understood from my ambiguous question.)

    I am just trying to allow the customer to purchase without inputting his own password, create one for him automatically and then send it to him.

    Is that still possible?

    Thanks.

    Mirko P.

    (@rainfallnixfig)

    Hi @prwordpressorg,

    create one for him automatically

    A tweak was implemented with WooCommerce core 6.0.0 based on security experts’ opinions that sending a plain text password to customers via email is not a good practice. You can read more in the changelog here:

    https://github.com/woocommerce/woocommerce/blob/release/6.1/changelog.txt#:~:text=email%20password%20reset%20link%20instead%20of%20password%20for%20new%20customers

    There have also been discussions in Github related to this:

    * https://github.com/woocommerce/woocommerce/issues/31035
    * https://github.com/woocommerce/woocommerce/pull/31257

    If you want to revert back to the previous behavior you’d need to add a bit of additional coding. Custom coding goes beyond the scope of support we are able to provide in this forum.

    If you do require more help with the actual coding, we’d recommend hiring a developer or one of the customization experts listed at https://woocommerce.com/customizations/.

    Cheers.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Is it still possible to send passwords in New account created emails?’ is closed to new replies.

Tags