Reset password page is confirming that the user exists

  • Hi,

    I’m working for a company with a very strict security policy and they require any website built for them with a ‘reset password’ form should ALWAYS return true. So basically if the username or email does not exist, I want to hide that information from the potential hacker and tell them that the email has been sent anyway – this is apparently best practice which I can kind of understand as it hides whether or not a given username/email is registered already on the website.

    How would I go about changing the behaviour of TML to conform to this policy?

    Thanks in advance!
    Kevin

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    These messages are from WP core. You can look into overriding core errors or there are plugins that do this. Something like this will also be added to TML in the future.

    Thread Starter the_lar

    (@the_lar)

    OK, I will look into this route then Jeff. Do you know of any plugins off the top of your head that might work?

    Kevin

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Reset password page is confirming that the user exists’ is closed to new replies.