passwords
-
Hi, I had a few questions regarding passwords and how they are handled in WP-Members.
I wanted to force users to use strong passwords but when I tried to add a plugin to do this – either it was ignoring WP-Members or WP-Members was ignoring it. I believe I have located the right script to edit (wp-members-register.php) where I might add my own strength checks – is this the correct place or is there some setting I am missing or should other plugins that check password strength be working?
Secondly I noticed that when someone forgets their password the system sends them a password in the clear to their email address – perhaps I am missing a setting somewhere but would prefer if it could be done using the user_activation key (like core WordPress is doing now – at least I believe so). I believe that the script handling this is wp-members-core.php – is this correct? – and/or have I also missed a setting? I am somewhat concerned about the security of sending a new password rather than a key that can be used or expired once a new password is set.
If you could point me in the right direction or correct any misunderstanding I might have that would be great.
Also I am also somewhat reluctant to start hacking at the code as any changes I make will be lost when the plugin is updated.
Thank you for your time on this matter.
- The topic ‘passwords’ is closed to new replies.