Modifying profile.php

  • I’m curious if there is a good way to add a “confirm current password” field to the /wp-admin/profile.php page where a user is allowed to update their information? For security, we need to make sure that the current user can correctly input their current password before changing their password. Is this possible through the Theme My Login plugin or maybe via some custom coding to the plugin?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    They’d have had to input their password to get to their profile screen. It’s arguable how much extra security is gained by requiring their password again. I know this is done elsewhere; the vectors available for abuse seem pretty small to me.

    Anyway, I don’t know if there’s such a plugin, but you can manage the display of the password fields with the ‘show_password_fields’ filter. It appears like you could output an alternative form at this point to collect the current password. If verified, then return true to have the normal fields output. I’ve not tried this to see how well it works, but it appears to be doable.

    Thread Starter jkieth

    (@jkieth)

    Thank you for the response @bcworkz. I am with you on whether or not it’s really that much added security, but unfortunately the site that I’m needing it for is a web app that integrates with QuickBooks API and their security team requires this added step for some reason.

    I will definitely try modifying the file or creating my own plugin using the ‘show_password_fields’ as you suggested. I think a plugin would be ideal in order to prevent having to modify the file each time WordPress updates its core files.

    Moderator bcworkz

    (@bcworkz)

    Agreed, a plugin is ideal. My sites always have a custom child theme or plugin in which I keep all customization. Or you could create a standalone plugin that focuses solely on adding a confirmation field so it could be used elsewhere as needed. You could even share it somewhere like GitHub or the WP repository 🙂
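
Added example, not part of the thread and not code from any participant or from the Theme My Login plugin: a small standalone plugin that rejects a password change made from the user's own profile screen unless the current password is supplied and verifies. It assumes a hypothetical field name `current_pass`, and it prints the field with the `show_user_profile` action and enforces the check server-side with `user_profile_update_errors`, rather than swapping the form through the `show_password_fields` filter mentioned above.

```php
<?php
/**
 * Plugin Name: Confirm Current Password (added example)
 */

// Print the extra field on the user's own profile screen (profile.php) only.
// 'current_pass' is a hypothetical field name chosen for this example.
add_action( 'show_user_profile', function ( $profile_user ) {
    ?>
    <table class="form-table" role="presentation">
        <tr>
            <th><label for="current_pass">Current password</label></th>
            <td>
                <input type="password" name="current_pass" id="current_pass"
                       class="regular-text" autocomplete="current-password" />
                <p class="description">Required only when setting a new password.</p>
            </td>
        </tr>
    </table>
    <?php
} );

// Runs during the profile save, after core has validated the form and before
// the user record is written. Adding an error here aborts the update.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    // Only act on updates where a new password was actually submitted.
    if ( ! $update || empty( $_POST['pass1'] ) ) {
        return;
    }
    // Only act when the user edits their own account.
    if ( (int) $user->ID !== get_current_user_id() ) {
        return;
    }
    // Core's login passes the posted password to the checker as received,
    // so the value is not unslashed here either.
    $supplied = ( isset( $_POST['current_pass'] ) && is_string( $_POST['current_pass'] ) )
        ? $_POST['current_pass']
        : '';
    // $user->user_pass holds the NEW password at this point, so the stored
    // hash has to be read from the database record.
    $stored = get_userdata( $user->ID );
    if ( '' === $supplied || ! $stored
        || ! wp_check_password( $supplied, $stored->user_pass, $stored->ID ) ) {
        $errors->add( 'current_pass',
            '<strong>Error</strong>: Enter your current password to set a new one.' );
    }
}, 10, 3 );
```

The check covers only the profile.php form; other paths that can set a password, such as the lost-password reset flow and the REST API users endpoint, are not affected by these hooks and need their own review.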
