I installed this application and activated only the “Prohibit old password” setting, with the number set to 4. All other options are off. Also this is only set in the side-wide policies and no role overwrites this.
All other password requirements are managed by Solid Security Pro.
Also the password reset page is provided by woocommerce on the frontend, so not the backend page.
I ran some tests based on your description to ensure there were no unexpected issues introduced in recent updates. From my testing, I can confirm that when using the native WordPress password reset form (both on the backend profile page and the default login reset page), our “Prohibit Old Passwords” setting works as expected—preventing users from reusing old passwords.
Since you mentioned that your password reset page is provided by WooCommerce, I’d like to clarify that support for third-party plugins—including one-click, out of the box support for forms from WooCommerce, BuddyPress, MemberPress, ProfilePress, LearnDash, and many others—is available in the Premium edition of our plugin.
That being said this is mostly a limitation of the Free edition, and not an actual bug “per se”. You can try this and confirm it actually works by trying it on the native / classic WordPress login form and reset form and ensure it works as expected Please note that our plugin will keep a history of password starting with the time it was installed, and cannot work retroactively in remembering old passwords prior to it’s installation)
This means that while our plugin enforces the rule on WordPress’ default login and profile pages, it does not automatically apply to WooCommerce’s custom password reset functionality unless the necessary integrations are in place.
I appreciate your understanding, and if you have any further questions, feel free to reach out!
Ok so now we bought and installed the premium edition to solve this issue.
But even after installing it and activating this option here
the user is still able to set/reset the password to an old one (after installing I changed the password and then again to ensure, the plugins is aware of all new passwords).
I’m really sorry to hear that you’re still running into issues with the plugin — thanks for your patience so far!
To help us better understand where things stand and narrow down the cause, could you please confirm the following:
Are you currently using the latest version of the plugin (v2.1.1 just released today)?
Is the WooCommerce Lost Password form integration enabled under Forms & Placements in our plugin? Here’s a quick reference: Screenshot
Are you experiencing the issue with Password Policies enabled? What about when they are disabled? Reference screenshot
If none of these lead us closer to a resolution, and since this is a Premium feature, please feel free to reach out to us directly at support@melapress.com where we offer 1 to 1 personalized support for our Premium users.
In the email, It would be helpful to include:
A detailed description of the issue + test outcomes of the above
A reference to this support thread
Your Premium license key or the email address used for the purchase
Since the WordPress.org forums are intended for support with the free version of the plugin only, we kindly ask that you contact us directly at support@melapress.com for further assistance.
One of our team members will get back to you as soon as possible.
Thanks for your understanding!
Viewing 6 replies - 1 through 6 (of 6 total)
The topic ‘Prohibit use of old password does not work’ is closed to new replies.
