Check Old password while changing it!
Unfortunately, there is no field to check old password when a user wants to change in wordpress CMS. Unfortunately again, there is not any plugin to cover this issue. So I want to ask how can i solve this problem? Please consider that I am a beginner in codes and php. In this post (How to verify old password from db before updating new password in WordPress), it seems that a solution has been reported, but, I have no idea to use them. How can i solve this problem? is there anybody who wants to create a plugin for this? or is there any plugin that i haven't seen yet? Thanks a lot!
Why do you want to verify the password? If you logged in, the password worked.
This is because of some security, actually a security for absentminded users. If you logged in and leave your pc or laptop or something else without logging out unintentionally, someone else can change your password easily. This is not important your password worked or not, actually this is important that your password WILL work or not?!!
i think we should have a plugin for this issue !
Google and yahoo done this along time ago ! check old password need to present in WordPress!
I disagree as it's dangerous. For example, you leave yourself logged in and I come to the computer. Now not only am I you, but I can see your password! If it's pinkpony98 I can be reasonably assured you use that password elsewhere.
WordPress doesn't save your password in clear text, and intentionally makes it hard to decrypt for your protection. Users will just have to remember their passwords, like the rest of us.
No, I dont want to show my old password!
let's talk about it in another way!
when a user leave himself/herself WordPress account logged in, he/she cannot log in because someone change it. His/her password is not disclosed or exposed, it is only changed. I cannot understand why the password is exposed?!
I think it is better to make an example. Let's see Password Changing System on Google, Facebook, Yahoo, Twitter and...! Please see this picture (https://drive.google.com/file/d/0BxUAPOJIYAQfWE83d0xFNng5dUU/edit?usp=sharing).
When I want to change my password, the google asks me "current password" (or old password). This question also ask when you want to change your facebook password or your twitter password or... .
All of my request is this: when a user wants to change his or her password, see a page like the picture that i shared, he should enter his current password to change it. not like this: (https://drive.google.com/file/d/0BxUAPOJIYAQfT1ZtUUZqY19reU0/edit?usp=sharing)
Actually, I think it was important that google and facebook have used this field to improve security of thier users. I think WordPress deserves it!
Aah I read your description and less the title (people are so rarely making useful titles for things, I in turn glance them over).
It's in the roadmap.
OK. Thank you for your guide. But there is a bug too! I think it's a big bug!
In this case(user leaves his/her computer logged in), anyone can change user e-mail and type the mail that he/she has. Then the guy could click on the link "i forget my password" and he get the password via her/his mail. in this case, the password will be exposed! And it's dangerous! :) what about this issue?
True, but I can do a lot to your Google account if you're logged in (adding a new email, for example, as a backup, or changing your phone to mine for SMS) is pretty simple.
Basically we can't stop people from being stupid.
Yes! They're Stupid! :D
Thanks a lot!
RSS feed for this topic
You must log in to post.