If its not for security, it seems odd to spend time on it. Rather ensure the password isn’t truncated using a simple javascript character limit on the field and then work within the basic functionality – as you’ve stated, they are saved as plain text anyway. Maybe you’re looking for an alternative way to protect … Read more
A simple solution is: wp user reset-password $(wp user list –field=user_login) got that from forcing all plugins update after a minor takeover: wp plugin install $(wp plugin list –field=name) –force
The check for a post password happens (for some reason) inside get_the_content(), which seems legit, but actually mixes together two separate concerns. You were right with the statement that there is no way to work around get_the_content() displaying the password form. Here’s what the check for the password does in core in detail: if ( … Read more
The easiest way to restore Super Admin privileges is to add a bit of code to your theme’s functions.php file to add yourself back: include(ABSPATH . ‘wp-admin/includes/ms.php’); $user = get_userdatabylogin(‘YOUR_USERNAME’); grant_super_admin($user->ID); Once your Super Admin privileges have been restored you can remove this code from your theme.
WordPress uses custom wp_mail function, so you won’t find it, if you’ll search for mail. Just take a look at line 248 of wp-login.php file: http://core.trac.wordpress.org/browser/branches/3.5/wp-login.php#L248 You should find retrieve_password_message filter call there. This is the filter that returns the content of reset password message. You should also check the implementation of wp_mail function, because … Read more
Here’s just a demo test for fun, just to see if this might be possible: Demo First we set the post’s password, the usual way: Then we create a custom field called wpse_extra_passwords that takes comma seperated passwords: These are the extra passwords for that post. Let’s define the following helper function, based on the … Read more
The password strength meter in the latest versions of WordPress uses a library called “zxcvbn”, made by Dropbox in 2012. The library is available for free on Github: https://github.com/dropbox/zxcvbn An explanation of the library is here: https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ But the short version is that it analyzes patterns in the password instead of being a simple “does … Read more
Its Not has hard as you think it is 🙂 Add the password fields to your form : password: <input type=”password” name=”pass1″ style=”width:250px; margin-bottom:3px;”><br /> repeat password: <input type=”password” name=”pass2″ style=”width:250px; margin-bottom:3px;”><br /> then in your if($_POST){ replace this line: $random_password = wp_generate_password( 12, false ); with this: $pass1 = $wpdb->escape($_REQUEST[‘pass1’]); $pass2 = $wpdb->escape($_REQUEST[‘pass2’]); if … Read more
You could use if(!empty($post->post_password)){ // do some stuff } which is what the post_password_required() code does before checking the user’s credentials against the password itself.
No the passwords won’t break (those are in the database and aren’t changed by changing the salt). However all logged-in users will have to login again. More on Salts here. Note: Updating your keys & salts will force all logged in users to log in again, because changing them automatically invalidates the login of any … Read more