ChigeeDK

Obviously I simply removed the {user_password} tag from the email, but that was not my point.

My point was, that it seems very counter-intuitive that the user is automatically signed in to the my-account page – without knowing what the password is.

Then we send a welcome email saying that the user needs to create a password, they click the {set_password}-link and go to the my-account page in the browser – where the user is already signed in with the “unknown password” – then the set password link doesn’t work…

Obviously, in a different scenario, when the user signs out, he doesn’t know the password and can’t sign in again.

It is just a very broken UX in my opinion…

Update:

I just tried creating a user account from the WooCommerce my-account page, and in this scenario the user is directly signed in on the my-account page, and the user receives an email with the username and password in clear text – as mentioned before.

But it seems very counter-intuitive that the user is automatically signed in without knowing the password (since we shouldn’t send it in the email), and then we send an email with a reset password link?

So what you’re saying is that I should modify the email template (New account) to always show the set/reset password link instead of the {user_password}?

That would probably align with a text that always says “You need to use this link to change your password before you can log in to your account”.

PS: As I mentioned, the default email template for New account contains the tag {user_password}, which I don’t understand, since I agree 100% that passwords should never be sent in clear text.

Okay.