WordPress.org


Ideas

Check Old password while changing it!

  1. smash_kia
    Member

    Unfortunately, there is no field to check the old password when a user wants to change it in the WordPress CMS. Unfortunately again, there is no plugin to cover this issue. So I want to ask: how can I solve this problem? Please consider that I am a beginner in code and PHP. In this post (How to verify old password from db before updating new password in WordPress), it seems that a solution has been reported, but I have no idea how to use it. How can I solve this problem? Is there anybody who wants to create a plugin for this? Or is there any plugin that I haven't seen yet? Thanks a lot!

    Posted: 3 months ago #
  2. Ipstenu (Mika Epstein)
    Administrator

    Why do you want to verify the password? If you logged in, the password worked.

    Posted: 3 months ago #
  3. smash_kia
    Member

    This is because of some security, actually a security for absentminded users. If you are logged in and unintentionally leave your PC or laptop or something else without logging out, someone else can change your password easily. It is not important whether your password worked or not; what is important is whether your password WILL work or not?!!

    Posted: 3 months ago #
  4. Jam Viet
    Member

    I think we should have a plugin for this issue!
    Google and Yahoo did this a long time ago! Checking the old password needs to be present in WordPress!

    Posted: 3 months ago #
  5. Ipstenu (Mika Epstein)
    Administrator

    I disagree as it's dangerous. For example, you leave yourself logged in and I come to the computer. Now not only am I you, but I can see your password! If it's pinkpony98 I can be reasonably assured you use that password elsewhere.

    WordPress doesn't save your password in clear text, and intentionally makes it hard to decrypt for your protection. Users will just have to remember their passwords, like the rest of us.

    Posted: 3 months ago #
  6. smash_kia
    Member

    No, I don't want to show my old password!
    Let's talk about it in another way!
    When a user leaves his/her WordPress account logged in, he/she cannot log in because someone changed the password. His/her password is not disclosed or exposed, it is only changed. I cannot understand why the password is exposed?!
    I think it is better to give an example. Let's look at the password changing system on Google, Facebook, Yahoo, Twitter and...! Please see this picture (https://drive.google.com/file/d/0BxUAPOJIYAQfWE83d0xFNng5dUU/edit?usp=sharing).
    When I want to change my password, Google asks me for my "current password" (or old password). This is also asked when you want to change your Facebook password or your Twitter password or... .
    All of my request is this: when a user wants to change his or her password, he should see a page like the picture that I shared, and he should enter his current password to change it. Not like this: (https://drive.google.com/file/d/0BxUAPOJIYAQfT1ZtUUZqY19reU0/edit?usp=sharing)
    Actually, I think it is important that Google and Facebook have used this field to improve the security of their users. I think WordPress deserves it!
    Thank you!

    Posted: 3 months ago #
  7. Ipstenu (Mika Epstein)
    Administrator

    Aah I read your description and less the title (people are so rarely making useful titles for things, I in turn glance them over).

    https://core.trac.wordpress.org/ticket/20140

    It's in the roadmap.

    Posted: 3 months ago #
  8. smash_kia
    Member

    OK. Thank you for your guidance. But there is a bug too! I think it's a big bug!

    In this case (the user leaves his/her computer logged in), anyone can change the user's e-mail and type in a mail address that he/she has. Then the guy could click on the link "I forgot my password" and he gets the password via his/her mail. In this case, the password will be exposed! And it's dangerous! :) What about this issue?

    Posted: 3 months ago #
  9. Ipstenu (Mika Epstein)
    Administrator

    True, but I can do a lot to your Google account if you're logged in (adding a new email, for example, as a backup, or changing your phone to mine for SMS) is pretty simple.

    Basically we can't stop people from being stupid.

    Posted: 3 months ago #
  10. smash_kia
    Member

    Yes! They're Stupid! :D
    Thanks a lot!

    Posted: 3 months ago #
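
The check requested in this thread (ask for the current password before a new one is accepted on the profile screen), sketched as a small plugin. This is an added example, not code from the thread or from WordPress core; the plugin name and the `rcp_current_pass` field name are made up for illustration.

```php
<?php
/**
 * Plugin Name: Require Current Password (illustrative example)
 * Description: Asks for the current password before a user can set a new one.
 */

// Add a "Current password" field to the profile screen.
// show_user_profile fires only when a user edits their own profile.
add_action( 'show_user_profile', function ( $profile_user ) {
	?>
	<h2>Confirm password change</h2>
	<table class="form-table" role="presentation">
		<tr>
			<th><label for="rcp_current_pass">Current password</label></th>
			<td>
				<input type="password" name="rcp_current_pass" id="rcp_current_pass"
					class="regular-text" autocomplete="current-password" />
				<p class="description">Required only if you are setting a new password.</p>
			</td>
		</tr>
	</table>
	<?php
} );

// edit_user() fires this hook before saving; an error added here blocks the update.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
	// Only guard users changing their own password; an administrator editing
	// another account is not expected to know that account's password.
	if ( ! $update || empty( $user->user_pass ) || (int) $user->ID !== get_current_user_id() ) {
		return;
	}

	$stored = get_userdata( $user->ID ); // WP_User carrying the stored hash

	// Read the field as submitted, the same way edit_user() reads the new password.
	$supplied = ( isset( $_POST['rcp_current_pass'] ) && is_string( $_POST['rcp_current_pass'] ) )
		? $_POST['rcp_current_pass']
		: '';

	// wp_check_password() hashes the candidate and compares; nothing is decrypted or shown.
	if ( '' === $supplied || ! wp_check_password( $supplied, $stored->user_pass, $stored->ID ) ) {
		$errors->add(
			'rcp_current_pass',
			'<strong>Error:</strong> Enter your current password to set a new one.'
		);
	}
}, 10, 3 );
```

This guards only the password field on the profile screen; other routes that can set a password, and changes to the account e-mail, are not covered by it.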

  • Status

    Good idea! We're working on it
