Reset password strength requirement different from WP

  • Resolved o0llied

    (@o0llied)


    11 months, 3 weeks ago

    Hello,

    When I was testing all the features from the front end login module, i also tested the reset password feature. What i noticed was, that when i reset the password following the ‘Strong Password’ according to the settings, I was immediately redirected after login to a wordpress page, where i had to reset the password again. I could not login with my new password, without having to change it again. It seems that the wordpress ‘Strong Password’ requirements are different and automatically force users to adhere to if their (new) password does not match these.

    Hopefully there is a fix for these, otherwise i think almost everyone will have to change their password twice, which is kind of confusing.

    Thanks in advance for taking the time to help me!
    Kind regards,

    Olivier

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Uncanny Owl

    (@uncannyowl)

    11 months, 3 weeks ago

    Hi @o0llied, thanks for reaching out. What you’re seeing is likely a result of some extra security either enforced by a plugin on your site or set up by your host. Could you let us know what host you’re using, and provide a screenshot of the second reset password page? It might also help to reach out to your host to let them know what you’re experiencing.

    Regarding your other request, we’ll have our front-end developer provide some guidance on what you can do there, but he’s not available until tomorrow. Thanks for your patience!

    Thread Starter o0llied

    (@o0llied)

    11 months, 2 weeks ago

    Hi!

    Thank you for the quick reply, i did not seem to get a notification about it.

    I am hosting through Learndash Cloud, do you know by any chance if they add extra security measures?

    It seems to have a different problem now, whenever i change my password using your flow, when attempting to log in, i just get the message ‘Something went wrong. Please try again.’

    When I change the password again to meet the criteria set by WordPress, I am able to login. Afterwards, i don’t see the second reset password page anymore.
    See below the screenshot of the second reset password page.

    I also would like to point out that your reCAPTCHA is not working. As per your article, i generated V2 keys and populated the fields. But there is not sign of reCAPTCHA on any of the pages. When attempting to login, you just get redirected to the login page with the addition in the URL of ‘/?login=recaptchafailed’. I already have bots creating accounts on my website, so i would like this to work to prevent them from creating hundreds of accounts. I also tested V3 keys, but there i have the same issue.

    Before i was using the reCAPTCHA integration of my security plugin, this one worked fine, but gave issues with the resetpassword form because it did not add the reCAPTCHA there, so users could not send the request. When i tried to use the same keys I put in that plugins settings, in your settings (and disabling the reCAPTCHA on the other plugin), i do see the reCAPTCHA box on the login screen, but it gives the error that the keys are invalid.

    Hope this helps, thanks again for the assistance so far.

    Kind regards,

    Olivier

    • This reply was modified 11 months, 2 weeks ago by o0llied.
    Plugin Author Uncanny Owl

    (@uncannyowl)

    11 months, 2 weeks ago

    Hi @o0llied, thanks for the screenshot and additional details.

    This issue might have the same causes as your issue in the other ticket. reCaptcha relies on JS files to work, and if they are combined and minified it may affect the functionality of the reCaptcha or password reset.

    While you are checking for a plugin or theme conflict to resolve the “eye” icon issue, please also try the password reset and reCaptcha to see if they are fixed as well.

    Thread Starter o0llied

    (@o0llied)

    11 months, 2 weeks ago

    Hello,

    Thank you for getting back to me.

    I disabled the minifying and combining of CSS and JS files, purged all cache but the problem is not resolved unfortunately. Now i can’t even send the form because it gives either one of two errors:
    – ‘Password reset email failed to send’
    – ‘You must submit the reCAPTCHA to proceed. Please try again.’

    The first error is fixed when i accept the cookies.

    The second error is fixed when I disable the reCaptcha integration of my Security plugin. As mentioned before, i would prefer to use your reCaptcha integration, but this one does not work at all.

    When i tested, with everything off, including reCaptcha, CSS and JS file combination/minifying, and reset my password without meeting the WP Strong password requirements, i still can’t login. I have to reset my password again, making sure it meets the WP strong password requirements, then i can login again.

    Hope you can help me further to resolve the issue.

    Plugin Support David Chambo

    (@uncannydavid)

    11 months, 1 week ago

    Hey @o0llied

    At this point, it might be a good idea if we could take a look at the issue directly on your end with temporary admin level access to the site (preferably in a staging environment where the same issue is occurring). 

    Can you please create a temporary admin user with the email address support@uncannyowl.com? Please email a temp password to the same email address (DO NOT add the password to this thread as it is public). Thanks!

    Thread Starter o0llied

    (@o0llied)

    11 months, 1 week ago

    Hi David,

    Thank you, i have sent an email to the mentioned email address!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Reset password strength requirement different from WP’ is closed to new replies.