My WordPress password for admin account is changing automatically

Do you use elementor? It could be this: “The critical-severity flaw is tracked as CVE-2023-32243 and impacts Essential Addons for Elementor versions 5.4.0 to 5.7.1, allowing unauthenticated attackers to arbitrarily reset the passwords of administrator accounts and assume control of the websites.”

Bypass a WordPress Password Protected Page via url

In case somebody needs help about my topic, I’ve fixed the notice error by modifying the original code as following: // BYPASS PASSWORD PRETECTED PAGE URL add_filter( ‘post_password_required’, function( $returned, $post ) { if ( !is_admin() ) { if (strpos($_SERVER[‘REQUEST_URI’], ‘pwd’) !== false){ if( $returned && ( $_GET[‘pwd’] == $post->post_password ) ) $returned = false; … Read more

How can I redirect the user to the page they were on when they clicked “Lost Password” using “retrieve_password_message” filter

Figured it out. I just needed to be using $_SERVER[‘HTTP_REFERER’] instead: //Modify password reset message and include redirect to referring page add_filter( ‘retrieve_password_message’, ‘collab_retrieve_password_message’, 10, 4 ); function collab_retrieve_password_message( $message, $key, $user_login, $user_data ) { $site_name = wp_specialchars_decode( get_option( ‘blogname’ ), ENT_QUOTES ); $message = __( ‘Someone has requested a password reset for the following … Read more

Can you alter the default wordpress strong password requirements?

See the answer here , which states Currently it’s not possible to change the strength requirements of the password. You can only deactivate it the functionality completely by dequeueing the password script: add_action( ‘wp_print_scripts’, ‘DisableStrongPW’, 100 ); function DisableStrongPW() { if ( wp_script_is( ‘user-profile’, ‘enqueued’ ) ) { wp_dequeue_script( ‘user-profile’ ); } } For … Read more