[wp-trac] [WordPress Trac] #31787: Password Reset Form Improved Error Messages

WordPress Trac noreply at wordpress.org
Fri Mar 27 23:37:40 UTC 2015 

#31787: Password Reset Form Improved Error Messages
-------------------------------------+------------------------
 Reporter:  mrtortai                 |       Owner:
     Type:  defect (bug)             |      Status:  closed
 Priority:  normal                   |   Milestone:
Component:  Login and Registration   |     Version:  trunk
 Severity:  normal                   |  Resolution:  duplicate
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------

Comment (by johnjamesjacoby):

 I like the idea of modifying this verbiage to be less revealing. I agree
 there is a balance between helpfulness and obfuscation, but the internet
 is a bit older than it was when this phraseology was decided upon, and (I
 hope) our average user is a bit wiser than (we all were) back then.

 We don't need to completely lose WordPress's helpful personality, but I
 don't think it's a necessarily a great idea for the default experience to
 be to provide helpful hints at guessing ones way into the system.

 > If I can't get into my own site, who do I turn to?

 You turn to the software you rely on to power your website. Simply request
 to reset your password, and it will send an email to the address you
 provided. If you no longer have access to that email address, you likely
 have other problems.

 > Username is not a secret.

 WordPress conveniently separates the duties of logins and author slugs
 into `user_login` and `user_nicename` columns in the database. Our canned
 response has always been "nice-names & logins are not customizable" and
 while accurate, I think it's also not ideal.

 The reality is there is little harm in allowing users to modify their
 logins or slugs, and the code to introduce this functionality into
 WordPress core is relatively trivial. Other considerations might be:

 * Login with email instead (one great plugin does this really well)
 * Limit the number of login & nicename changes (default to 1?)
 * Two factor magic-link style logins in core
 * Plugins like BuddyPress & bbPress that provide literal profile pages
 using the nicename
 * Existing plugins for modifying author archive & user slugs

 The stance has always been that these are plugin territory, and I agree
 that they always have been, but I'm proposing that maybe they shouldn't
 always be going forward, and we should look for ways to modernize this
 area of WordPress.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31787#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list