password

As of WordPress 4.4, the action lostpassword_post passes the $errors object: function wpse_185243_lastpassword_post( $errors ) { if ( ! $captcha_valid /* The result of your captcha */ ) { $errors->add( ‘invalid_captcha’, ‘<strong>ERROR:</strong> Try again sonny.’ ); } } add_action( ‘lostpassword_post’, ‘wpse_185243_lastpassword_post’ ); Pre 4.4 legacy answer Here’s the relevant code you’re referring to (retrieve_password() in … Read more

Your example works correctly. You are checking if password hello matches hashed hello – which it naturally does. Hadn’t thought it through. Your example causes following issue: You check if hello matches md5 of hello (instead of hash from user’s profile). It does and then WP thinks this is correct, but outdated md5 hash – … Read more

The check for a post password happens (for some reason) inside get_the_content(), which seems legit, but actually mixes together two separate concerns. You were right with the statement that there is no way to work around get_the_content() displaying the password form. Here’s what the check for the password does in core in detail: if ( … Read more

You could use if(!empty($post->post_password)){ // do some stuff } which is what the post_password_required() code does before checking the user’s credentials against the password itself.

Just figured it out. So thought to leave the solution here, if someone else need it: To change the default hashing system, need to overwrite wp_hash_password() function: (can be done in a plugin) if ( !function_exists(‘wp_hash_password’) ){ function wp_hash_password($password) { //apply your own hashing structure here return $password; } } Now you will need to … Read more

One solution would be to create a custom Page template for Pages that you intend to password protect. Start by creating your custom Page template, perhaps named template-password-protected.php, and add the Template: file-docblock tag at the top, like so: <?php /** * Template: Password-Protected */ ?> Now, add your basic Page template markup: <?php /** … Read more

When you select password protected option in page back-end, It by-default works for content only. i.e. the_content() But if you want to password protect whole page or have a custom template, you need to have the following structure. <?php global $post; get_header(); if ( ! post_password_required( $post ) ) { // Your custom code should … Read more

This will do it 🙂 add_action( ‘wp_print_scripts’, ‘DisableStrongPW’, 100 ); function DisableStrongPW() { if ( wp_script_is( ‘wc-password-strength-meter’, ‘enqueued’ ) ) { wp_dequeue_script( ‘wc-password-strength-meter’ ); } } I found the solution here.