Clarify Password Reset

Description

Since WordPress 4.3, new users are no longer sent their passwords directly by email. Instead, they are sent a message containing a link to the Reset Password page, where they can choose their own password. Additionally, the Reset Password page now appears with a strong password already suggested in the “New password” field.

This plugin removes the suggested password from the Reset Password page, leaving the “New password” field empty. Below this field it adds a “Suggest a password” button whose action is to fetch a new suggested password via Ajax.

Also since 4.3, Firefox and Chrome users may notice problems saving their new password in their browser from the Password Reset page. (Firefox saves the password with an empty username; Chrome sets the username and password to the password value.) This plugin tweaks the password reset form so that these browsers can successfully save the username and newly-reset password if the user wishes.

Note that Internet Explorer, Edge and Safari will not offer to save the password from the Password Reset page, and this plugin does not change that behaviour. Therefore, the plugin adds a configurable warning message to the Password Reset screen, advising users to make a note of their new password.

The form tweaking for Firefox/Chrome and the configurable warning message are enabled by default, but they can be disabled in the administration settings.

Screenshots

  • This screenshot shows the reformatted the Reset Password page, with no auto-suggested password, the new "Suggest a password" button and the optional "Please make a note" warning.

  • This screenshot shows the plugin admin page.

Installation

  1. Install this plugin via the WordPress plugin control panel,
    or by manually downloading it and uploading the extracted folder
    to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Visit the administration page (reached via Settings / Clarify Password
    Reset in the main admin menu). From there you can configure the optional
    password warning message, and switch plugin features off or on. All features
    are enabled by default.

FAQ

Does this plugin force users to choose strong passwords?

No. Other plugins can be used for that.

Suggesting a strong password is a good “nudge” – why would you remove it? We need to educate users about strong passwords.

We found that the sort of users requiring “nudging” were also
the most likely to be confused rather than educated by the nudge.

Users can still get a strong password suggestion using the
“Suggest a password” button.

But really, why would you remove the suggested strong password?

Unfortunately, in our experience, a significant minority of users
are confused by the suggested password on the Reset Password page.

They assume that their password has already been reset, and that
their new password is shown in the box. Rather than clicking
“Reset Password”, they copy the suggested password, go back to
the login page and try to log in with it. Naturally this doesn’t work,
which leads to frustration and excessive helpdesk requests.

This plugin attempts to make the password process more intuitive
for non-technical users, so less helpdesk support is required –
and so users who don’t read instructions can still get it right.

Where do the suggested passwords come from?

The plugin uses the standard, pluggable wp_generate_password()
method to generate suggested passwords (using default parameters).

Reviews

Does exactly what it says it does. Great plugin!

I was having trouble with a client site who’s members are mostly retired. So most are not tech savvy. The auto-generated password was causing problems for many of them. Being able to remove it along with the configurable warning message were exactly what I needed. And it all simply works.

fixes username problem, great!

I don’t know how many sites passwords I have saved as a blank username or the password is in the username field. I think Chrome may have fixed this more recently as it seems to be happening less often now, but a handy plugin! Thanks

Very useful !

Thanks for this great plugin.
Many users have difficulties with the reset password procedure.

Does the trick!

When working with sites with lots of members unfortunately you realise most people are complete idiots..

Thanks to this plugin these idiots doesn’t assume their password has been reset already to a “sooooo hard” string. I’ve never experienced the saving issues with chrome and FF so I disabled that but the suggest button is a good softer alternative to prefilled password field.

Keep up the good work!

very good idea

As I had a new member who did not understand how to get his password, I thing the plugin is a very good idea and should inspired WP official team.

Read all 6 reviews

Contributors & Developers

“Clarify Password Reset” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.1.3

  • Dutch translation added – many thanks to Johan van der Wijk.

1.1.2

  • Bugfix to strip unwanted sanitization slashes when displaying custom warning text

1.1.1

  • Tweak to default settings handling for upgraded plugin

1.1

  • Added optional form tweak for fixing save-password bug in Firefox and Chrome
  • Added optional, configurable warning message advising users to take note of their new password
  • Added back-end admin page for enabling / disabling these features

1.0.1

  • Tweak to README.txt

1.0.0

  • Initial version