This plugin does 3 things
1) It will check you don’t have a username called “admin” which is asking to be hacked
2) It will allow you to reset all passwords, with an password reset link sent to all users to warn them.
Following a couple of reviews from v7.0 the plugin will allow you to set the email from address, name, subject and message
3) You can also change the SALTS which forces a logout of all users.
Screenshots
The main and only screen!
Installation
Upload the emergency-password-reset directory to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Click on Emergency Password Reset in the Users menu
Adjust the settings as required
Click on the ‘Reset Passwords’ button
FAQ
How does it work?
When you click rest passwords, the plugin recreates random passwords for every user and emails them the reset password link.
Will I be secure now from a hack?
Not necessarily. We advise you change your SALTS in the wp-config.php file which will force logouts for all users. WordPress provide a tool to generate new ones.
You can now reset them automatically from the plugin Dashboard>Settings>Reset SALTs
Check out our blog post on hacked WordPress sites
It does it’s core function (i.e it resets passowrds) but the email may not arrive. If it doesn’t, it will take Backend access to users SQL’s to resolve.
Does it work? Yes. Those subscribed to my Wordpress blog got emails asking them to reset their passwords.
But…
1) I was not able to set the text or add to it. The outgoing message looked like spam. The subject was okay: Password reset for [website]
The body was not. It only said:
We have had to reset your password on [website]. Your username is still [username], please reset your password
Thanks.
Had I been able to add a personal message, my legit users (a tiny percentage of the total; the rest being bot accounts) would have known it came from me.
2) I was not able to set the From address. It didn’t even go from my address at that website. Rather, it went from my primary email address.
3) Gmail looked at the large volume of emails that went out and blocked me. (And/or people who received the emails marked them as spam.) It’s been a week and I can not send any mail to gmail users (all gmail users, not just ones the email went to).
I am deleting this plugin and never ever using it again.
This plugin does what it says it does.
I used it after we found malware in one of the sites I migrated into my Multsite WP install. All passwords where reset and the “Password reset” email was sent to the users.
Definetly helped fixing this emergency. Thanks!
Or, if it crashes, some.
I’d rate it higher if you could reset passwords for only a group at a time, instead of literally every single account that has ever been made on your website. That’s sending over 2000 (useless) emails for companies using things like woocommerce!
As we all know our members may get lazy with maintaining (updating) their passwords. This really is a nice simple way of resetting everyone’s password.
I have about 100 user accounts and all of my members were able to quickly and easily change their password. The Password Reset Link they receive in their email is really great!
One of the other benefits of this plugin is it quickly helps you identify user accounts with defunct email addresses. I simply deleted these accounts thereby forcing users with outdated email accounts to re-register.
A couple of suggestions:
#1. Reset All Passwords in the morning. This gives users enough time to reset their passwords before the link expires.
#2. When installing the plugin, add the following css code to your Customizer’s Custom CSS. This will nudge your users to choose strong passwords. Note – install this css code before resetting all passwords.
.pw-weak {
display: none !important;
}
I will use this plugin to force all of my members to change their passwords on an annual basis.
Great job Andy!
