New Site User Not Sent Password

I just discovered that new users who create a site upon registration are not sent their password in the Welcome Email configured on the Network "New Site Settings" page. Is this normal Behavior? If so, how can I send new bloggers their password?

NOTE: New users of our network who do not create a site, are sent the "Welcome User Email" that does include their password. Users who create a site upon registration are sent the "Welcome Email" with no password - instead the email reads: "Password: (your current password)". Users who create a site are not sent the Welcome user Email.

I thought this may have been an issue with using the Remove Email Verification plugin, but I just confirmed the same results with that deactivated.

New Site Settings for both Welcome Email and Welcome User Email use the PASSWORD shortcode in the message content, however, the former converts the code to say "(your current password)" while the latter converts the code to the user's actual password, as expected.

So, a user who creates a site never receives their password via email. This could explain why many of our new bloggers never post anything.

With Remove Verification Email Activated, the user who creates a site is presented their password on screen immediately after registration, but if they don't copy that, they never have a record of their password. And there s no way to edit the message on that page displaying their password.

Screenshots to follow...

Thanks in advance for any feedback!

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    I just make a quick test on my multisite and password for new site owner was send correctly in the Welcome email. So there has to be something on your site that is causing that change.
    Can you enable support so I could take a look? Maybe there is some plugin that has this option hidden in settings.

    Would you mind allowing support access so we can have a closer look at this?
    To enable support access you can follow this guide here:
    https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-5

    Please respond in this ticket once access is granted.

    kind regards,
    Kasia

  • jcnjr
    • HummingBird

    Thanks for the reply! I am currently performing other work on the site and will revisit this issue once that is complete.

    FYI: We also use Anti-Splog and Pro Sites in addition to Remove Verification Email, so please test this configuration combination in the meantime, if possible.

  • jcnjr
    • HummingBird

    Kasia Swiderska

    Thank you for your patience, I appreciate any help on this!

    I have granted Support access at tripawds.com and also on our dev install at tripawds.net. I just tested new site creation on the .net site, and the PASSWORD is being sent in the Welcome Email. New users with sites at the .com are still getting (your current password) inserted into Welcome Email. The Welcome User email includes the PASSWORD on both sites.

    Please feel free to create new user and/or site registrations on either site. I can't figure out what difference might be causing this issue on one site but not the other.

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    I'm checking .com site, but I'm getting:

    Your access to this site has been limited

    Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)

    Reason: Access from your area has been temporarily limited for security reasons

    from WordFence. Can this be disabled? If that is geo-blocking, I'm connecting from Estonia now.

    kind regards,
    Kasia

  • jcnjr
    • HummingBird

    WordFence...I'm connecting from Estonia

    Sorry about that! I hate blocking countries, but we were forced to do so after being the target of numerous attacks originating from the Eastern Bloc and Baltic states.

    I have removed the Estonia block at tripawds.com and there are no country blocks enabled at tripawds.net.

    Thanks in advance for any additional feedback.

  • jcnjr
    • HummingBird

    Kasia Swiderska said:

    On your live site, you have plugin new_user.php...What does that plugin do

    Hmmm...sorry, I thought that was also on the live site. This dates back to our original WPMU install, and was developed with help from an early WPMU Dev guru.

    It adds any new user of the network as a user of site ID 1 (our main site), so they can participate in our discussion forums and live chat.

    Here it is in its entirety:

    function tri_new_user($user_id) {
    add_user_to_blog('1', $user_id, 'subscriber');
    }
    add_action( 'wpmu_new_user', 'tri_new_user');
    
    function tri_new_blogger($blog_id, $user_id) {
    add_user_to_blog('1', $user_id, 'subscriber' );
    }
    add_action( 'wpmu_new_blog', 'tri_new_blogger', 10, 2 );

    Please advise if this is no longer necessary with the current version of WordPress multisite. We do need anyone who registers, via any site on the network, to be added as a user on the main site. FYI: While 99.5% register via the main site, some do periodically register via one of our featured blogs.

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    I asked what this plugin does to check if it might alter email sent from your network. I also tested this code on my site, just in case, and it is not the culprit.
    And yes, you will still need that code.

    I checked also a few plugins that are on live site and not on the dev site, but with them also I wasn't able to replicate this issue.
    I'm going to check with developers if there is code that can be used to check if there are any filters on the outgoing emails that could change PASSWORD to something else than a real password.

    I have checked also settings of other plugins, but I haven't found anything suspicious.

    kind regards,
    Kasia

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    I checked this part of the code and this only applies for users with multiple blogs. So this part of the code checks if the user has more than one blog and then changes PASSWORD to (your current password) because that new password would not work for them.
    Are you sure that this is happening for very new users and not existing users that are opening new blogs?
    I tried to register as a new user on your live site, however, I wasn't able to do that - registration page reloads every time. Have you seen that issue before?

    kind regards,
    Kasia

  • jcnjr
    • HummingBird

    Thanks for the update Kasia Swiderska .

    As I originally explained, the issue of "Your Current Password" being inserted in the Welcome email occurs for any new user who creates a site upon registration. The actual password is sent in the Welcom User email if no site is created upon registration.

    Since, as we discussed above, we are using the new_user.php mu plugin to add all new users to the main site, my guess is that is happening first so Pro Sites fires thinking the site created is a multiple blog as you explain.

    And yes, this occurs for every new user who creates a site. Our members never (or very rarely) create multiple sites.

    How can we ensure the password gets sent to our new users creating a site upon registration?

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    I'm sorry for the confusion on my side.
    Please try this file I'm attaching.
    Uzip it and replace this one here:
    /pro-sites/pro-sites-files/lib/ProSites/Helper/Registration.php

    I've tested it on my site and it allows to send the password to new users that are also registered to the main site. But if there is a case that member will try to create a new blog (a second one) it should then work without sending a new password.

    kind regards,
    Kasia

  • jcnjr
    • HummingBird

    Kasia Swiderska said:

    Please try this file...

    Yes! Thank you...

    With the Registration.php file replaced, a new user creates a site upon registration and is sent the password. Fantastic.

    And, just to confirm this is expected behavior: when an existing user created (added) a second site, no email was sent at all. Which is fine, just making sure that is to be expected.

    Can we presume that this edit will make it into a future Pro Sites update?

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    And, just to confirm this is expected behavior: when an existing user created (added) a second site, no email was sent at all. Which is fine, just making sure that is to be expected.

    Not really, can you try this new file I'm attaching?

    Can we presume that this edit will make it into a future Pro Sites update?

    I'm afraid most probably it will not. Your case is specific and we rather avoid adding changes for only one site. I can check however with the developer if there could be a filter for this action, so it can be changed outside the plugin code.

    kind regards,
    Kasia

  • jcnjr
    • HummingBird

    Kasia Swiderska said:

    try this new file I'm attaching...

    This new patch also did not send an email when an existing user creates a second site, AND the issue of "Your Current Password" being inserted into the welcome email returned. So, I have reverted to using the previous patch provided above.

    This is an adequate solution. Our users very, very rarely ever create another site. And if they do, it is usually by accident.

    I'm afraid most probably it will not. Your case is specific...

    This is perfectly understandable.

    I can check however with the developer if there could be a filter for this action, so it can be changed outside the plugin code.

    This would be great! That would save me from forgetting all about this if Pro Sites is ever updated.

    Please thank the developers for their time on this. I will mark the topic Resolved, once I know if I can implement the patch outside core plugin code.

  • Kasia Swiderska
    • Support nomad

    Hello jcnjr,

    I'm afraid it was not included into Pro Sites as it was specific case scenario. But I do have a code that can be used as mu-plugin:

    add_action( 'init', function(){
        remove_filter( 'update_welcome_email', array( 'ProSites_Helper_Registration', 'alter_welcome_for_existing_users' ), 10, 6 );
    }, 99 );

    let me know if this will work for you.

    kind regards,
    Kasia

  • jcnjr
    • HummingBird

    Kasia Swiderska said:

    let me know if this will work for you.

    Created a new user, and new site at the same time. User was sent New Site Notification email which included the username and password, but was not sent the New User account email.

    Created a new user with no site. User received New User Notification email with credentials.

    This works for me!

    Thank you for the help on this, and getting together an mu-plugin solution so I don't have to worry about hacking every update.

    Cheers. #resolved

  • jcnjr
    • HummingBird

    Sorry Kasia Swiderska - I need to open this back up as it's a good a place as any to start with what I believe is a related issue...and, you have been such a great help!

    I just discovered that new bloggers on our network are unable to log in to their sites with the password they are sent. I believe this is because the link they are sent in the email (and onscreen after sign-up) is http and not https while we force https across the network with a wildcard SSL certificate implemented via Really Simple SSL.

    How can I ensure the links to new sites given to new users, on screen and in the email are http and not https. If I manually edit the URL to https, a new user can log in, but login simply fails otherwise. The issue occurs whether or not the mu-plugin you provided above is active or not.

    If I need to start a new topic, please advise.

    Thank you!

  • jcnjr
    • HummingBird

    FYI: The Welcome Email template in Network Settings uses the following to write the login link

    Login Here: BLOG_URLwp-login.php

    I have checked Really Simple SSL settings which confirm all subsite home and blog URLs are HTTPS, yet the link being provided is sent with http. Am I missing a multisite setting somewhere?

  • jcnjr
    • HummingBird

    I do notice that the Network Dashboard Sites tab for new sites indicates http for Site and Home URLs.

    this clearly started just a few weeks ago, as only our most recent sites are getting assigned the http, while nearly all previous sites were assigned https.

    Screenshots attached of Network Sites and Really Simple SSL Sites.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.