It’s tempting to unhide the pass2
input but that’s not enough.
In the file /wp-admin/js/user-profile.js
the bindPass1()
binds it to pass1
that makes writing to it not possible. The pass2
input is then hidden in bindPasswordForm()
with $('.user-pass2-wrap').hide();
We can instead add our own input field to validate the password.
First we add it via the resetpass_form
action:
add_action( 'resetpass_form', function( $user )
{ ?> <p class="user-wpse-pass2-wrap">
<label for="wpse-pass2"><?php _e( 'Confirm new password' ) ?></label><br />
<input type="password" name="wpse-pass2" id="wpse-pass2" class="input"
size="20" value="" autocomplete="off" />
</p> <?php
} );
Then we use the validate_password_reset
hook to validate it:
add_action( 'validate_password_reset', function( $errors )
{
if ( isset( $_POST['pass1'] ) && $_POST['pass1'] != $_POST['wpse-pass2'] )
$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
} );
This is just using similar code as we have in the wp-login.php
file.
This is how it looks in Icelandic, when there’s a mismatch:
Plugin
Create the plugin under:
/wp-content/plugins/wpse-confirm-password/wpse-confirm-password.php
and add the following code into that file:
<?php
/**
* Plugin Name: Confirm New Login Password
* Plugin URI: http://wordpress.stackexchange.com/a/262607/26350
*/
add_action( 'resetpass_form', function( $user )
{ ?> <p class="user-wpse-pass2-wrap">
<label for="wpse-pass2"><?php _e( 'Confirm new password' ) ?></label><br />
<input type="password" name="wpse-pass2" id="wpse-pass2" class="input"
size="20" value="" autocomplete="off" />
</p> <?php
} );
add_action( 'validate_password_reset', function( $errors )
{
if ( isset( $_POST['pass1'] ) && $_POST['pass1'] != $_POST['wpse-pass2'] )
$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
} );
Then activate the plugin from the backend as usual.