Support » Requests and Feedback » This forum chooses passwords for users and sends them via email, in plaintext

  • I find the fact that this forum generates passwords for users upon registration and sends them via email, in plaintext, disturbing.

    Users should be able to choose their own passwords. Further, those passwords should, under no circumstance, be emailed to the user.

    Even more disturbing is the fact that the login form at http://wordpress.org/support/bb-login.php appears not to require a secure connection (via HTTPS). Even if passwords were set securely, they would be at risk every time a user authenticates to this site.

    For a piece of software whose focus should largely be security, this is a bit of a black-eye.

Viewing 3 replies - 1 through 3 (of 3 total)
  • I wanted to register for a wordpress page to be able to comment there.

    the registration thingy sucks and does NOT send out the e-mail… WordPress registration = FAIL!!!!

    now the password sent does not work!

    Your password thingy needs some serious adjusting!

    esmi

    (@esmi)

    Forum Moderator

    I wanted to register for a wordpress page to be able to comment there.

    If you want to set up a wordpress.com site, you’re in the wrong place.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘This forum chooses passwords for users and sends them via email, in plaintext’ is closed to new replies.