They’d have had to input their password to get to their profile screen. It’s arguable how much extra security is gained by requiring their password again. I know this is done elsewhere, but the vectors available for abuse seem pretty small to me.
Anyway, I don’t know if there’s such a plugin, but you can manage the display of the password fields with the ‘show_password_fields’ filter. It appears like you could output an alternative form at this point to collect the current password. If verified, then return true to have the normal fields output. I’ve not tried this to see how well it works, but it appears to be doable.
Thread Starter
jkieth
(@jkieth)
Thank you for the response @bcworkz. I am with you on whether or not it’s really that much added security, but unfortunately the site that I’m needing this for is a web app that integrates with the QuickBooks API, and their security team requires this added step for some reason.
I will definitely try modifying the file or creating my own plugin using the ‘show_password_fields’ as you suggested. I think a plugin would be ideal in order to prevent having to modify the file each time WordPress updates its core files.
Agreed, a plugin is ideal. My sites always have a custom child theme or plugin in which I keep all customization. Or you could create a standalone plugin that focuses solely on adding a confirmation field so it could be used elsewhere as needed. You could even share it somewhere like GitHub or the WP repository 🙂
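
A standalone plugin along the lines discussed in this thread, as an added example that is not code from either poster or from WordPress core. Instead of the ‘show_password_fields’ filter it uses the `show_user_profile` and `user_profile_update_errors` hooks, so the current-password check is enforced when the profile is saved rather than only by hiding fields; the field name `ccp_current_password` and the plugin name are hypothetical.

```php
<?php
/**
 * Plugin Name: Confirm Current Password (added example, hypothetical name)
 * Description: Requires the current password before a user can set a new one on their own profile screen.
 */

// Hypothetical field name used only by this example.
const CCP_FIELD = 'ccp_current_password';

// Print a "Current password" input on the user's own profile screen.
add_action( 'show_user_profile', function ( $profile_user ) {
	?>
	<table class="form-table" role="presentation">
		<tr>
			<th><label for="<?php echo esc_attr( CCP_FIELD ); ?>">Current password</label></th>
			<td>
				<input type="password" name="<?php echo esc_attr( CCP_FIELD ); ?>"
					id="<?php echo esc_attr( CCP_FIELD ); ?>" autocomplete="current-password" />
				<p class="description">Required only when setting a new password.</p>
			</td>
		</tr>
	</table>
	<?php
} );

// Server-side check: core's edit_user() aborts the save if $errors is non-empty.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
	// Only guard self-service updates that actually carry a new password.
	if ( ! $update || empty( $user->user_pass ) || (int) $user->ID !== get_current_user_id() ) {
		return;
	}

	$stored = get_userdata( $user->ID );

	// Assumption: the value is passed as received (not unslashed or sanitized),
	// mirroring how core passes the login form's password to its own check.
	$given = isset( $_POST[ CCP_FIELD ] ) && is_string( $_POST[ CCP_FIELD ] ) ? $_POST[ CCP_FIELD ] : '';

	if ( '' === $given || ! $stored || ! wp_check_password( $given, $stored->user_pass, $stored->ID ) ) {
		$errors->add(
			'ccp_current_password',
			'<strong>Error:</strong> Enter your current password to set a new one.'
		);
	}
}, 10, 3 );
```

This guards only the profile screen's save path; password changes made through other routes, such as the REST API or the lost-password flow, do not pass through `edit_user()` and would need their own check.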