I’m the author of the linked article (thanks for the shout-out, by the way). The WordPress function that does the hashing is wp_has_password() and, by default, it will run the password through 8 rounds whatever the “best” algorithm the server makes available to PHPass is. WordPress, again by default, uses MD5. However you can also … Read more
I’ve used the following to protect individual pages: First add a field to the Publish Metabox: add_action( ‘post_submitbox_misc_actions’, ‘my_post_submitbox_misc_actions1’ ); function my_post_submitbox_misc_actions1(){ echo ‘<div class=”misc-pub-section my-options”> <input type=”checkbox” id=”fgpsn_protected_content” name=”fgpsn_protected_content” value=”true”‘; if ( get_post_meta(get_the_ID(), ‘fgpsn_protected_content’, true) == ‘true’ ){ echo ‘ checked’; } echo ‘> <label for=”fgpsn_protected_content”>FGPSN Content</label></div>’; } Then save the meta data – … Read more
If you’re just wanting to add them to a mailing list, you really don’t need to create a user account for them. Just use something like this: http://wordpress.org/extend/plugins/mail-list/ or Gravity Forms to capture their email addresses. The fact that you then say “to allow the user to buy on this website” seems to suggest that … Read more
You are using the user email as the user login. Your code, formatted for readability, looks like: $resetQuery = $wpdb -> query( $wpdb -> prepare( “UPDATE wp_users SET user_pass = %s, user_activation_key = ” WHERE user_login = %s AND user_activation_key = %s”, $hashedPwd, $useremail, $key ) ); The $useremail argument matches the user_login = %s … Read more
If you have WP CLI, this is how you would make the user ‘bob’ an administrator: wp user set-role bob administrator
You somehow changed user_login to your password hash. user_login should be luofeiyu
You can reset it in phpmyadmin if it’s your own site by using a utility to replace it in the database. Search for ‘WordPress password generator’ and this should show you the way. If it’s not your site, contact the administrator or check your spam. Obviously if there’s a site admin you know, get them … Read more
When you create a page and assign it to “Page for post” in Settings->Reading, it is not considered a page anymore but an archive. Taht is why standard password protection doesn’t work. You will need to build the latest posts page at your own, for example using a page template and/or pre_get_posts action.
You can use .htaccess to protect your wp-login.php. The Codex describes how to do so. There are also some plugins which do that job for you, finding and choosing a good one is up to you.
By default when a users submits a password reset from wp-login.php, reset_password is called. In user.php, reset_password() triggers the password_reset hook where you can see the plain text version before it is set. And the same for after_password_reset. add_action( ‘password_reset’, ‘my_password_reset’, 10, 2 ); function my_password_reset( $user, $new_pass ) { // Do something before password … Read more