WordPress uses custom wp_mail function, so you won’t find it, if you’ll search for mail. Just take a look at line 248 of wp-login.php file: http://core.trac.wordpress.org/browser/branches/3.5/wp-login.php#L248 You should find retrieve_password_message filter call there. This is the filter that returns the content of reset password message. You should also check the implementation of wp_mail function, because … Read more
Here’s just a demo test for fun, just to see if this might be possible: Demo First we set the post’s password, the usual way: Then we create a custom field called wpse_extra_passwords that takes comma seperated passwords: These are the extra passwords for that post. Let’s define the following helper function, based on the … Read more
The password strength meter in the latest versions of WordPress uses a library called “zxcvbn”, made by Dropbox in 2012. The library is available for free on Github: https://github.com/dropbox/zxcvbn An explanation of the library is here: https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ But the short version is that it analyzes patterns in the password instead of being a simple “does … Read more
Its Not has hard as you think it is 🙂 Add the password fields to your form : password: <input type=”password” name=”pass1″ style=”width:250px; margin-bottom:3px;”><br /> repeat password: <input type=”password” name=”pass2″ style=”width:250px; margin-bottom:3px;”><br /> then in your if($_POST){ replace this line: $random_password = wp_generate_password( 12, false ); with this: $pass1 = $wpdb->escape($_REQUEST[‘pass1’]); $pass2 = $wpdb->escape($_REQUEST[‘pass2’]); if … Read more
You could use if(!empty($post->post_password)){ // do some stuff } which is what the post_password_required() code does before checking the user’s credentials against the password itself.
No the passwords won’t break (those are in the database and aren’t changed by changing the salt). However all logged-in users will have to login again. More on Salts here. Note: Updating your keys & salts will force all logged in users to log in again, because changing them automatically invalidates the login of any … Read more
First of all you need to find out which hashing algorithm has been used on the Joomla site to store the passwords. Joomla – different to Worpdress – ships with a variety of hashing algorithms. If you have found out how the hashes have been generated, you can port the hashing function over into wordpress … Read more
Just figured it out. So thought to leave the solution here, if someone else need it: To change the default hashing system, need to overwrite wp_hash_password() function: (can be done in a plugin) if ( !function_exists(‘wp_hash_password’) ){ function wp_hash_password($password) { //apply your own hashing structure here return $password; } } Now you will need to … Read more
I wonder if you’re looking for this one: /** * Fires after the user’s password is reset. * * @since 4.4.0 * * @param object $user The user. * @param string $new_pass New user password. */ do_action( ‘after_password_reset’, $user, $new_pass ); It was introduced in WordPress 4.4 and lives within the reset_password() function. The after_password_reset … Read more
WordPress FTW! It actually works this way out of the box. If you use the same password on multiple pages, it only has to be entered once.