Reset Password on Front-End or Auto-Generate

I am on a BuddyPress installation and I never take users to the backend of WordPress. That is a complete "no-no" on my website for security reasons.

My only problem is that if a user tries to reset their password, the email sent to them includes a link to the WordPress back-end Reset Password form.

I would rather have it just send them a new auto-generated password, because my theme doesn't have a front-end reset password form natively (unless there is some plugin for this). But I would be perfectly happy if I could somehow make WordPress/BuddyPress just send the user an email with a new auto-generated password, because you can already change your password on the front-end after logging in.

Does anyone know how I can accomplish this? Please respond as soon as possible. All support is appreciated.

  • signed_up

    @aristath

    <?php
    // wp-load.php bootstraps WordPress, including the database layer and the user
    // functions; the old wp-includes/registration.php no longer exists in current
    // WordPress and must not be required. The relative path assumes this script
    // sits in the WordPress root directory.
    require_once( 'wp-load.php' );

    function change_password( $userdata ) {
        $ID = (int) $userdata['ID'];

        $user = get_userdata( $ID );
        if ( ! $user ) {
            return 'No such user';
        }

        // wp_insert_user() expects slashed data, so slash the existing user record.
        $user = add_magic_quotes( $user->to_array() );

        if ( ! empty( $userdata['user_pass'] ) ) {
            $plaintext_pass = $userdata['user_pass'];
            // On an update wp_insert_user() stores user_pass exactly as given, so hash it here.
            $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
        }

        wp_cache_delete( $user['user_email'], 'useremail' );

        $userdata = array_merge( $user, $userdata );
        $user_id  = wp_insert_user( $userdata );
        if ( is_wp_error( $user_id ) ) {
            return $user_id->get_error_message();
        }

        // If the changed password belongs to the logged-in user, refresh their auth cookie.
        $current_user = wp_get_current_user();
        if ( $current_user->ID == $ID ) {
            if ( isset( $plaintext_pass ) ) {
                wp_clear_auth_cookie();
                wp_set_auth_cookie( $ID );
            }
        }

        return 'Password changed';
    }

    // Parameters for the user whose password is changed (ID and new password).
    // Both are hard-coded: every run sets the password of user ID 1 to this literal.

    $user['ID']        = 1;
    $user['user_pass'] = '123456';

    echo change_password( $user );

    ?>

    Thanks, but where should I enter this code snippet? After telling me the answer to this, I'll be able to test it in the evening. If it works, I'll mark as resolved. If not, I'll follow up through this thread.

  • signed_up

    @aristath

    Additionally (answer questions from previous post, too), I am using wpMandrill for transactional emails on my WordPress installation, because my host doesn't support the php mail() function. Is this code snippet compatible? Do I need to do something with SMTP here? Not really sure...

    I have another question about the below code snippet from the complete code that I am supposed to add in the ???? (don't know which file yet):

    //set the parameters for the user you want to change the password (ID and new password)
    
    $user['ID'] = 1;
    $user['user_pass'] = '123456';

    Is there a reason why the $user['ID'] is mentioned? Is this changing? Why does it equal "1"?

    UPDATE: I wanted to add that I am resetting the password from the WP Modal Login plugin's interface. wpMandrill integrates right into the reset password email that is currently sent from this plugin. The URL for a demo and more information about the plugin is below:
    http://wp-modal-login.colegeissinger.com/

  • aristath

    @signed_up
    The mandrill plugin has nothing to do with your other plugins. It simply changes the method used by WordPress to send ALL emails, regardless of where they come from. So you needn't worry about that.

    As for that block of code above, to be honest I don't know where it goes! I just found it and everyone was saying that it worked so I thought I'd post it here in case it could help you too.

    Are you by any chance using BuddyPress? If you are not, I think that this functionality is included in there by default if you enable profiles...

    Cheers,
    Ari.

  • signed_up

    @aristath

    I am using BuddyPress, but the lost password still takes you to the back-end reset password form of WordPress to some "wp-login" looking URL.

    If a user knows their password and wants to change it, they can always sign in and go to profile settings to change it.

    Is there any way that you could find out where to enter the code to generate a new password for the user when they click Lost Password, instead of a reset form?

  • signed_up

    @aristath

    Just thought of something, but might not work. Maybe...just maybe, no custom coding is needed. I have made a lot of translations (still English, just changing wording) in the Official BuddyPress POT on my website. Do you think it's possible to change the text of the email that BuddyPress sends users when they try and reset their password and make it send them their actual password?

    I think this might be possible using one of those shortcode/placeholder values that are used often in the language files.

    For example:

    %1$s wants to add you as a friend.\n
    \n
    To view all of your pending friendship requests: %2$s\n
    \n
    To view %3$s's profile: %4$s\n
    \n
    ---------------------\n

    %1$s represents the person who wants to add you as a friend and the person's name/username is filled into the actual email.

    Do you think this is possible to do with a user's password? Not really sure, but thought you'd know better.
    --------------------------------------------------------------------------------------
    I know this doesn't auto-generate a new password for the user, but if it's the only option, I'd be okay with it. I would still rather have a new auto-generated password sent to the user — like the code snippet below (you provided it earlier) does.
    --------------------------------------------------------------------------------------

    <?php
    // wp-load.php bootstraps WordPress, including the database layer and the user
    // functions; the old wp-includes/registration.php no longer exists in current
    // WordPress and must not be required. The relative path assumes this script
    // sits in the WordPress root directory.
    require_once( 'wp-load.php' );

    function change_password( $userdata ) {
        $ID = (int) $userdata['ID'];

        $user = get_userdata( $ID );
        if ( ! $user ) {
            return 'No such user';
        }

        // wp_insert_user() expects slashed data, so slash the existing user record.
        $user = add_magic_quotes( $user->to_array() );

        if ( ! empty( $userdata['user_pass'] ) ) {
            $plaintext_pass = $userdata['user_pass'];
            // On an update wp_insert_user() stores user_pass exactly as given, so hash it here.
            $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
        }

        wp_cache_delete( $user['user_email'], 'useremail' );

        $userdata = array_merge( $user, $userdata );
        $user_id  = wp_insert_user( $userdata );
        if ( is_wp_error( $user_id ) ) {
            return $user_id->get_error_message();
        }

        // If the changed password belongs to the logged-in user, refresh their auth cookie.
        $current_user = wp_get_current_user();
        if ( $current_user->ID == $ID ) {
            if ( isset( $plaintext_pass ) ) {
                wp_clear_auth_cookie();
                wp_set_auth_cookie( $ID );
            }
        }

        return 'Password changed';
    }

    // Parameters for the user whose password is changed (ID and new password).
    // Both are hard-coded: every run sets the password of user ID 1 to this literal.

    $user['ID']        = 1;
    $user['user_pass'] = '123456';

    echo change_password( $user );

    ?>

    Did you ever find out where to enter this? Does it change the user's password to "123456"? Hopefully not, because if someone found out, they could just click reset password and then use "123456" on anyone's account immediately. If this is the case, could we use the wp_generate_password() function instead to generate a random password?

    All in all, I realize that normal WordPress (without BuddyPress) auto generates a new password and emails it to the email address associated with the user account. For some reason, BuddyPress doesn't do this and sends an email with a link to a reset password form by default.

    Is there any way to make it so that BuddyPress uses the default WordPress method for resetting passwords — emailing users an auto-generated password when requested?

    Please respond as soon as possible. All help is appreciated. Sorry about this message being quite lengthy.

  • aristath

    All in all, I realize that normal WordPress (without BuddyPress) auto generates a new password and emails it to the email address associated with the user account. For some reason, BuddyPress doesn't do this and sends an email with a link to a reset password form by default.

    WordPress does that for NEW users, not when someone forgets their password. There's a reason for that and that is security! You can't email passwords to users when they lose them, even auto-generated ones!
    Using it the way you want it would be a severe security risk, that's why it is not implemented anywhere!

    I honestly don't know how the above code works, I just found it and posted it for you in case that helped you.
    You can use it in your theme's functions.php but I really don't know what to do with it...

    Cheers,
    Ari.

  • signed_up

    @aristath

    Using it the way you want it would be a severe security risk, that's why it is not implemented anywhere!

    I've seen this being done on many websites — not specifically, WordPress ones. Can you explain the security risk involved?

    I honestly don't know how the above code works, I just found it and posted it for you in case that helped you.

    Could you tag someone who can look over the code snippet and tell me what it exactly does/how it works? This would be really appreciated.
    -----------------------------------------------------------------------------------------
    By any chance, is there/do you know of a placeholder/value (as described in the last post) for the user's password? --> This is more about the language-file editing method.
    ----------------------------------------------------------------------------------------
    Basically, now my main request for support is:
    How can I allow users to reset their password without using the default WordPress reset password form? --> and I don't mean styling the default WordPress form pages (register, login, wp-admin). I have done that using Ultimate Branding and login css:
    https://premium.wpmudev.org/blog/customize-wordpress-login/

    I was more looking for a solution that doesn't use the default WordPress forms at all. Maybe like something that is just a form that fits into my theme or a bland-textbox-like form on an almost empty page of my website. I would rather do something like this to hide the fact that I am using WordPress for security reasons (same reasons I have my wp-admin/wp-login/back-end URLs changed). It doesn't need to look beautiful or anything — just needs to serve its purpose and not give away "WordPress".

    I don't even require a reset password form. Any sort of method for users to reset their password that is secure and doesn't show "WordPress" is good for me. If this is not your expertise/area you feel comfortable with, feel free to tag any staff member/developer who you think can help with this.

    Respond as soon as possible. Thanks in advance. Hope you (or another WPMU Dev staff member) can help!

    UPDATE: Open to any solutions: code additions, plugins, ANYTHING!

  • aristath

    I've seen this being done on many websites — not specifically, WordPress ones. Can you explain the security risk involved?

    The fact that this practice is being used on many sites doesn't mean that it's secure, it just means that these sites are probably not well thought out! See for example this post for some explanations on the security implications of this: http://stackoverflow.com/questions/1102781/best-way-for-a-forgot-password-implementation/11618888#11618888

    just needs to serve it's purpose and not give away "WordPress".

    You can change the URL of wp-login.php using this tutorial: http://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
    If you've changed the theme of the login screen, then the URL is the only part of this form that gives away WordPress. Using login forms like that is something that users are familiar with and in most cases even expect! Look, for example, at these:
    https://foursquare.com/login
    https://www.last.fm/login
    https://twitter.com/account/resend_password

    Structurally they are pretty much the same as the default WordPress login form... That is why through my searches I couldn't find anyone that has ever bothered changing it! It's just a pretty well-thought structure that works, is secure and the login/register/password-reset screens can be heavily customized already to look like anything you might imagine!

    I hope that helps...

    Cheers,
    Ari.
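
    The secure approach Ari describes (a single-use, expiring link, never the password itself) can sit behind a front-end page that never shows wp-login.php, which is what the last request asks for. The block below is an added example for this thread, not code from the posts, from BuddyPress or from WPMU Dev; it relies only on the WordPress core functions get_password_reset_key(), check_password_reset_key() and reset_password(). The page slug account-recovery, the shortcode names, the nonce names and the 12-character minimum are assumptions made for the example.

```php
<?php
/**
 * Front-end password reset built on WordPress's own token functions.
 * Added example (not from the thread): place it in a theme's functions.php
 * or a small plugin. Assumes a page with slug "account-recovery" containing
 * the shortcodes [frontend_lost_password] and [frontend_reset_password].
 */

// Step 1: request form. Emails a single-use, time-limited link, not a password.
add_shortcode( 'frontend_lost_password', function () {
    $notice = '';

    if ( 'POST' === $_SERVER['REQUEST_METHOD']
         && isset( $_POST['fe_lost_nonce'] )
         && wp_verify_nonce( $_POST['fe_lost_nonce'], 'fe_lost_password' ) ) {

        $email = sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) );
        $user  = is_email( $email ) ? get_user_by( 'email', $email ) : false;

        if ( $user ) {
            // get_password_reset_key() stores a hashed, expiring token in
            // user_activation_key; the plaintext token exists only in the email.
            $key = get_password_reset_key( $user );
            if ( ! is_wp_error( $key ) ) {
                $link = add_query_arg(
                    array( 'key' => $key, 'login' => rawurlencode( $user->user_login ) ),
                    home_url( '/account-recovery/' ) // assumed front-end page
                );
                wp_mail(
                    $user->user_email,
                    'Password reset request',
                    "Someone asked to reset the password for this account.\n"
                    . "If that was you, open this link (it expires and works once):\n$link\n"
                    . "If it was not you, ignore this message; nothing has changed."
                );
            }
        }
        // Same reply whether or not the address exists, so the form does not reveal accounts.
        $notice = '<p>If that address is registered, a reset link has been sent.</p>';
    }

    return $notice . '<form method="post">'
        . wp_nonce_field( 'fe_lost_password', 'fe_lost_nonce', true, false )
        . '<label>Email <input type="email" name="user_email" required></label> '
        . '<button type="submit">Send reset link</button></form>';
} );

// Step 2: the link target. Validates the token, then sets the new password.
add_shortcode( 'frontend_reset_password', function () {
    $key   = isset( $_REQUEST['key'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['key'] ) ) : '';
    $login = isset( $_REQUEST['login'] ) ? sanitize_user( wp_unslash( $_REQUEST['login'] ) ) : '';
    if ( '' === $key || '' === $login ) {
        return ''; // render nothing unless the visitor arrived through a reset link
    }

    // check_password_reset_key() verifies the hashed token and its expiry (one day by default).
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        return '<p>This reset link is invalid or has expired. Please request a new one.</p>';
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD']
         && isset( $_POST['fe_reset_nonce'] )
         && wp_verify_nonce( $_POST['fe_reset_nonce'], 'fe_reset_password' ) ) {

        $pass1 = (string) wp_unslash( $_POST['pass1'] ?? '' );
        $pass2 = (string) wp_unslash( $_POST['pass2'] ?? '' );
        if ( strlen( $pass1 ) < 12 ) { // minimum length is an assumed policy for this example
            return '<p>Password must be at least 12 characters.</p>';
        }
        if ( $pass1 !== $pass2 ) {
            return '<p>The two passwords do not match.</p>';
        }
        // reset_password() hashes the new password and clears the used key, so the link cannot be replayed.
        reset_password( $user, $pass1 );
        return '<p>Your password has been changed. You can now sign in.</p>';
    }

    return '<form method="post">'
        . wp_nonce_field( 'fe_reset_password', 'fe_reset_nonce', true, false )
        . '<input type="hidden" name="key" value="' . esc_attr( $key ) . '">'
        . '<input type="hidden" name="login" value="' . esc_attr( $login ) . '">'
        . '<label>New password <input type="password" name="pass1" required></label> '
        . '<label>Repeat <input type="password" name="pass2" required></label> '
        . '<button type="submit">Set password</button></form>';
} );
```

    Both shortcodes can sit on the same page: the second renders nothing until a key and login arrive with the request. The request form answers identically whether or not the address is registered, the token is stored hashed and expires, and reset_password() wipes it once used, which is exactly what an emailed plaintext password cannot offer. The message still goes out through wp_mail(), so a plugin such as wpMandrill keeps carrying it. The example does not throttle repeated requests; put rate limiting in front of the request form before relying on it.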

  • aristath

    I'm afraid I haven't used the Better WP Security so I don't really know what could be wrong with it.
    However, you can change the URLs using some .htaccess rules...
    There are 2 ways a .htaccess file can handle these: either by doing some redirects or by rewriting the URLs.
    It looks like the Better WP Security plugin is doing redirects instead of rewrites in your case (I don't know if this is the default behavior of the plugin or just a fallback because it can't get rewrites to work on your server).
    Is your server using apache or nginx?
    If it's an apache server then you should be able to find an answer to your question just by doing a simple google search!
    If it's an nginx server however, .htaccess rules will not work and you might have to dig a bit deeper as nginx's configuration can be a bit trickier.

    Please advise,
    Ari.

  • aristath

    @signed_up I'm afraid that no, we won't be able to change anything since it's on a managed nginx server.
    Perhaps you could simply contact WP Engine's support and ask them if they can do anything to mask these URLs for you?
    It's not that difficult, all that has to be done is adding some lines in the nginx configuration file. Without knowing their infrastructure though I'm afraid I won't be able to answer any questions on if it's doable or not, only they can answer that!

    Cheers,
    Ari.
