Theoretically No! But practically Yes! Every new framework/CMS now implements some sort of library that adds randomness to the actual password. Its a randomly generated salt in form of a random string or time, etc. That is saved along with the hash password in database. Since theoretically, a collision can occur in any cryptographic function … Read more
The filter is there so you don’t need to edit wp-login.php, simply use add_filter. Put something like function change_password_reset_mail_body($message, $key, $user_login, $user_data) { return “click here: ” . network_site_url( “wp-login.php?action=rp&key=$key&login=” . rawurlencode( $user_login ), ‘login’ ); } add_filter(“retrieve_password_message”, “change_password_reset_mail_body”, 10, 4) In your theme’s functions.php.
You can add the following to your functions.php to achieve what you are after. The action init doesn’t seem to fire in time for what you are looking for. if($_GET[‘action’]===’rp’ && strpos($_SERVER[‘REQUEST_URI’],’wp-login.php’)) { $key = isset( $_GET[‘key’] ) ? $_GET[‘key’] : ”; $login = isset( $_GET[‘login’] ) ? $_GET[‘login’] : ”; wp_redirect( site_url( ‘/reset-password/’ ) … Read more
To get MD5 password in user listing column, you have to get user_pass using get_userdata(). see below example how to get user_pass from get_userdata() add_action(‘manage_users_custom_column’, ‘cmr_supwd_show_upwd_col_data’, 10, 3); function cmr_supwd_show_upwd_col_data($value, $column_name, $user_id) { $user = get_userdata( $user_id ); if ( ‘user_pass’ == $column_name ) return $user->user_pass; return $value; }
This is technically challenging. WordPress must have access to your DB password in plain text. Having access to the wp-config.php contents is already a breach of security in progress. There are alternate approaches to configuration, such as loading credentials via environment variables, but in practice they are used exceedingly rarely because PHP’s configuration file is … Read more
Your function will never “get” $post as this is not how functions work. Functions cannot pull anything into itself by itself. If you have debug turned on, you will get a definite bug notice that $post in undefined….. You would need to invoke the $post global inside your function for anything to work that relies … Read more
One plugin-free layer of protection you could implement is to route your traffic through a site like CloudFlare that has built in brute force protection. The free version is a great layer of protection with paid tiers if you need the added features. I have used this for several of my sites. I am with … Read more
Is this something that could work for you? /** * Hooks before login and filters out the CPF mask if it exists */ add_action( ‘wp_authenticate’ , ‘somos_filter_username’ ); function somos_filter_username() { $cpf = preg_replace(‘/[^0-9]/is’, ”, $_POST[‘user_login’]); if (is_valid_cpf($cpf)) { return $cpf; } }
From WordPress Tavern – the article is for WordPress password-protected posts but the final paragraph reads: This update only affects password-protected posts. WordPress user passwords don’t share the same length restrictions and can be upwards of 1,000 characters long if so desired.
If I choose to leave this up to WP, what should I actually put in wp-config.php? Sounds like something you can easily find out. My guess: if you don’t have the define(‘AUTH_KEY’, ..) etc. statements, the system will not work. Some sources (this SO answer, for example) appear to state that putting the keys and … Read more