A randomly generated password can be bypassed easily! | WordPress.org

Gary
(@barnettgs)

9 years, 7 months ago

I have tested your user expiry plugin and it doesn’t work well, especially with:

Replace the user’s password with a randomly generated one

It did work and the password was replaced with randomly gernerated one but upon the login page, I can select ‘forgot your password?’ and have it sent to my e-mail and from there, I can set up the new password to let me to access again!

It is of no use to me so can user access be blocked in any other way than just simply replacing with randomly generated password?

https://wordpress.org/plugins/expire-users/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Ben Huson
(@husobj)

9 years, 7 months ago

The best approach would be to create a new User Role which has no capabilities.
You can do this easily with the Members plugin.

Then set it so when a user expires they are assigned to this role.

Thread Starter Gary
(@barnettgs)

9 years, 7 months ago

I understand. However, I am already using default subscriber roles to access an online course and their access to the course is set by a limited period so at the end of their period, their access would be denied.

Not sure what Member could do, apart from setting capabilities. I guess I would have to delete each subscriber when their access has expired.

Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘A randomly generated password can be bypassed easily!’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: Gary
Last activity: 9 years, 7 months ago
Status: not resolved