[wp-trac] [WordPress Trac] #34236: Better passwords - differences between setting and resetting password?

WordPress Trac noreply at wordpress.org
Fri Oct 9 18:48:10 UTC 2015 

#34236: Better passwords - differences between setting and resetting password?
--------------------------+-----------------------------
 Reporter:  pavelevap     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 1) When user registers on a site, there is notification email "Your
 username and password info" which contains 2 URL addresses:

 `<http://localhost/wp-
 login.php?action=rp&key=iJy9s6jdmcpNwM27iyWc&login=test>`

 `http://localhost/wp-login.php`

 Why is there the second URL? Nothing can be done here, only antispam
 filters can ban this email...

 2) When user clicks the first link, new password can be set: "Enter your
 new password below." But why has button text "Reset Password"? User is not
 resetting password, but only setting first (new) password. And after
 submitting, there is text "Your password has been reset."

 3) Site admin receives 2 notification emails (for one registration):

 - "New User Registration": New user registration on your site... (same in
 pre 4.3)

 - "Password Lost/Changed": Password Lost and Changed for user...

 So, every site admin receive another notification email with not relevant
 info, because password was not lost and changed, but created for the first
 time. For sites with many users, it is surprising and not needed... When
 user changes its password on Profile page, site admin also does not
 receive any notification. As I understand it, there is no difference when
 user set first password or reset lost password? It can be confusing for
 some users...

 4) When site admin adds a new user, custom password can be set. But newly
 added user does not know about it? User received only standard "Your
 username and password" email with link to creation of new password: To set
 your password, visit the following address...

 I am not sure, if I understand workflow completely, but it seems to me a
 little bit confusing...

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34236>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list