Is WordPress sent forgot password key like activation key

  • Anonymous User 16484011

    (@anonymized-16484011)


    6 years ago

    Hi !

    Is WordPress use forgot password key like sign up key !

    Let me explain you…

    what can I do with my site’s registration process. First I remove any link from signup mail template which redirect my users to blabla page for first time activating their new account. Instead of this I sent my new users to mail only key to their email when they use at the time of signup and after signup I redirect new users to the activate page which ask key from users which my system sent to their mail earlier on their mail. User must have to copy that key from their mail and paste it to activation page.

    My above system is working very fine as per my need.

    But I want to do the same with my forgot password process. I want when user click on forgot password link and enter their username or email than I want one of below option to do if possible or any plugin do ….

    1) User got an email same as per my above already worked registration process where my system sent and mail with the key and user must have to put that key on the page and they change their password.

    OR

    2) User got an email where my system automatically generate a password and sent on their email address. After that user wish to change their password they do the same after logging in with that password from their account

    OR

    3) In your mind have any idea Please let me know…

    The main purpose of that I don’t want to let you know the users about my site’s url. I know you think about Security and also think that if they have little knowledge than they have so many ways to know my site’s url. But trust me my all users don’t have that type of knowledge or if one of they have than I don’t care. I just want to do that because I want to do.

    If anyone have an idea or any of the plugin that they do the same than please let me know.

    Regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    Yes, it’s the same. If you look at the activation link, it contains action=rp query string. This is the same as password reset. On the wp-login.php page (line 627), case 'resetpass' : and case 'rp' : execute the exact same code.

    TBH, your scheme sounds like security theater to me. I don’t see how you gain any real extra security. What shortcoming are you trying to address? OTOH, if your scheme makes you or your users feel more secure, it’s worth something. It’s your site, you can do as you please with it. It doesn’t matter what I think.

    Thread Starter Anonymous User 16484011

    (@anonymized-16484011)

    Hi !

    Bcworkz,

    Thanks a lot for your subspecies time,

    I am beginner of WordPress. So, can you please tell me the same how can I do the same. As you answered I already know the same because I already edit an email template which sends users to only mail which has only an activation key But my problem is when they put that key and after putting that what my system do exactly that I don’t know. I guess 1) Is system redirect the user to set a new password page ? 2) OR System sent users to new password to their registered mail id ?

    Thanks

    Moderator bcworkz

    (@bcworkz)

    The page receiving the user’s key input should redirect to the reset password page so they can input their preferred password. You don’t want to assign passwords for users to use, plus it’s better security to not send passwords via email. The redirect URL needs to include the activation key that was input, basically recreate the initial link sent in the email that you altered. An URL similar to:
    httрs://example.com/wp-login.php?action=rp&key={ACTIVATION KEY}&login={USERNAME}

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Is WordPress sent forgot password key like activation key’ is closed to new replies.