How to accept weak login? | WordPress.org

mrkhan91
(@mrkhan91)

8 years, 7 months ago

Hello,

I have an odd idea that I’m trying implement in my local WordPress site. I’m trying to figure out if I can do something to authenticate non-admin users without checking their password?

Goal: I want to be able to let people in with a “valid” (if exists in the database) email only. I could care less about the password, I can still keep the password field there to make them think they are providing a password, but the idea is to let people in if their email matches the same email as the database. To avoid any unwanted admin access I want to have the password to matter for Admin group.

Is this something I can build on my own? I development experience, but just wanted to see if something like this is possible using the default WordPress functions.

The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

8 years, 7 months ago

That seems like (pardon me, but this is not personal) an exceedingly dumb idea. If I have an account on your system and anyone knows my email, they can login as me.

Certainly you can override the default WP login process, but what problem are you actually trying to solve?

This might be a better way, as it validates the email on login:

https://wordpress.org/plugins/passwordless-login/

Thread Starter mrkhan91
(@mrkhan91)

8 years, 7 months ago

Hi @sterndata, this dumb idea is for our household network and the people logging on this WordPress will be family members and instead of emails, and I was going to assign them a 6 digit username.

There is nothing sensitive on this and nobody can get into my LAN. Though, if there is anything you can recommend, I will appreciate it.

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

8 years, 7 months ago

Why not just their first names? Why make it hard?

Anyhow, I have not found any documentation on running WP without a password. What happens if you empty the password field directly in wp_users table?

Thread Starter mrkhan91
(@mrkhan91)

8 years, 7 months ago

@sterndata Yeah I can do it on name fields too, I guess I need to know what function in WordPress do I have to set to true like it would if it was authenticating a user and pass.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘How to accept weak login?’ is closed to new replies.

Tags

In: Fixing WordPress
4 replies
2 participants
Last reply from: mrkhan91
Last activity: 8 years, 7 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics