First of all you need to find out which hashing algorithm has been used on the Joomla site to store the passwords. Joomla – different to Worpdress – ships with a variety of hashing algorithms. If you have found out how the hashes have been generated, you can port the hashing function over into wordpress … Read more
Just figured it out. So thought to leave the solution here, if someone else need it: To change the default hashing system, need to overwrite wp_hash_password() function: (can be done in a plugin) if ( !function_exists(‘wp_hash_password’) ){ function wp_hash_password($password) { //apply your own hashing structure here return $password; } } Now you will need to … Read more
I wonder if you’re looking for this one: /** * Fires after the user’s password is reset. * * @since 4.4.0 * * @param object $user The user. * @param string $new_pass New user password. */ do_action( ‘after_password_reset’, $user, $new_pass ); It was introduced in WordPress 4.4 and lives within the reset_password() function. The after_password_reset … Read more
WordPress FTW! It actually works this way out of the box. If you use the same password on multiple pages, it only has to be entered once.
You can save this information on your wp-config.php file: define(‘FTP_HOST’, ‘ftp_host’); define(‘FTP_USER’, ‘ftp_username’); define(‘FTP_PASS’, ‘ftp_password’); More info (WordPress Codex)
Investigating the filter authenticate, we can find that it is called inside the function wp_authenticate, which is a pluggable function. That means that it can be replaced by one of our own making. This is the original function, plus a marked entry point: function wp_authenticate($username, $password) { $username = sanitize_user($username); $password = trim($password); $user = … Read more
After much research, I finally turned to examining the WordPress core file wp_login.php hoping that WP would show how they do it in a non-obtuse manner. From the information around line 331 (WP 4.6.1), I put together the following code. <?php global $gw_activate_template; extract( $gw_activate_template->result ); $url = is_multisite() ? get_blogaddress_by_id( (int) $blog_id ) : … Read more
One solution would be to create a custom Page template for Pages that you intend to password protect. Start by creating your custom Page template, perhaps named template-password-protected.php, and add the Template: file-docblock tag at the top, like so: <?php /** * Template: Password-Protected */ ?> Now, add your basic Page template markup: <?php /** … Read more
Well, ended up fixing this after hours of banging my head against ones keyboard. Fixed by making the first parameter of my hooked function a value instead of a reference – curious when nearly all hooks in wordpress pass the error object by reference! function validatePasswordReset( &$errors, $userData ) { return validateComplexPassword( $errors ); } … Read more
When you set a post as password protected, the protection happen on get_the_content() function. There WordPress check for a post password cookie, and if not set, not valid or expired then show the password form. This password form is submitted to wp-login.php, there a cookie is setted according to the password wrote in the form, … Read more