Password Management – Clear, Encrypted or Hashed – UserPro Forums
https://forum.userproplugin.com/forums/topic/password-management-clear-encrypted-or-hashed/
(feed retrieved Mon, 06 May 2024 12:55:38 +0000)

Post #35110 by WildRocket, Mon, 28 Apr 2014 09:07:09 +0000

Hi there,

I notice that when a user signs up they get an email that displays their entered password in clear text.

Could you please detail your password management?

How are passwords stored in the database? Are they stored as cleartext? Are they encrypted? I am assuming they are not hashed given the password is displayed in the clear in the sign-up email.

I understand that during the “Forgot Password” process a secret key is provided… which is certainly better than emailing the password in cleartext again. But my question is regarding how passwords are stored in the database?

Ideally it would be great if passwords were hashed and salted.

Thank you,

Russ

Post #35113 by admin, Mon, 28 Apr 2014 10:00:38 +0000

Hi Russ,

Do not worry! Passwords are stored “hashed” and they are not stored in User meta. They are updated just like how WordPress does it and recommends it.

wp_update_user( array( 'ID' => $user_id, 'user_pass' => $user_pass ) );

WP handles the encryption part. USERPRO NEVER STORES the password as plain text. It uses the form/real password only when emailing it to the user.

Thanks

Post #35120 by WildRocket, Mon, 28 Apr 2014 10:06:09 +0000

Hi Ahmed,

Thank you for your quick reply. That’s good to know, thanks for putting me at ease.

I am not sure what you mean by “It uses the form/real password only when emailing it to the user.” – could you please clarify?

For me, passwords should *never* be sent in the clear in any email whatsoever. Generally speaking, emails are not encrypted and are not a secure method of communication.

Thanks again,

Russ

Post #35126 by admin, Mon, 28 Apr 2014 10:14:57 +0000

Hi Russ,

You can hide it/remove it from the email template that gets sent to the user if you do not want to reveal the user pass in email (assuming he already knows what he typed as password? makes sense), but let’s say someone connects with Facebook, a social account: he should be able to login with both Facebook and a normal WP account (that’s a good feature), so how can he login to his standard WP account without knowing the password (which is randomly generated for him and sent by email)?

Post #35143 by WildRocket, Mon, 28 Apr 2014 13:05:04 +0000

Hi Ahmed,

Yes very good point, thanks. I will remove it from the email template.

Randomly generated passwords are fine to be emailed, as long as the user is forced to change their password upon next login. Then the password they enter will be ‘theirs’ and never emailed out. I don’t use the social account feature, so I’m only considering all of this purely from a WP account perspective.

You mention WP hashes the passwords, which is great, but at the time of first registration UserPro must know what the password is in order to be able to email it in cleartext. Therefore, UserPro ‘intercepts’ the entered password before it is hashed? If so, will UserPro continue to intercept entered passwords even if they are changed at a later time, or will it just intercept the password only at first time registration?

I may be missing something here, I’m not sure… please let me know. My understanding is that an entered password should be hashed by WP immediately and therefore all other applications should only ever know the hash. Other applications should not intercept entered passwords and have any record of them… emailing a password in cleartext is a form of a record. But I have not considered the social login aspect, so I may be missing that piece of the puzzle.

What do you think?

Thanks,

Russ

Post #35152 by admin, Mon, 28 Apr 2014 14:27:37 +0000

“will it just intercept the password only at first time registration?”

Yes! It won’t store the clear password any more. It’s hashed and stored in DB.

I use the password before hashing by knowing what value the user entered in the form and use it in the email template. You are right, it can be a better idea to remove this from the email template.

Post #35275 by WildRocket, Tue, 29 Apr 2014 09:28:31 +0000

Ah that’s great to hear, thank you for clarifying all of that.

All the best,

Russ 🙂

Post #45185 by mzu, Wed, 24 Dec 2014 18:14:44 +0000

Curious if it is still possible to email the password? What are the variables? {USERPRO_PASSWORD}?

I need to create accounts for some users and would like to email them a temporary password and then force them to update on login.

Post #45214 by MJSupport UserPro, Mon, 29 Dec 2014 08:40:39 +0000

Hi, yes, it’s possible to email the password and the variable for it is {VAR1}. You will find this in the Welcome email template. But you can’t force Users to update their password.

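One way to implement the temporary-password flow discussed in this thread at the WordPress level, as an added example that is neither UserPro's nor WordPress's own code: the account is created through wp_insert_user(), which hashes 'user_pass' the same way the wp_update_user() call quoted above does, the clear value is handed back once to the caller for out-of-band delivery and then discarded, and a user-meta flag sends the user to WordPress's own reset form at next login so that only a one-time reset key, never the password, travels by email. The function names and the meta key are this example's own assumptions.

```php
<?php
// Added example (not UserPro's code). Assumed names: example_* functions
// and the 'example_must_reset_password' user-meta key.

const EXAMPLE_MUST_RESET_META = 'example_must_reset_password';

// Provision a user with a random temporary password. WordPress hashes
// 'user_pass' inside wp_insert_user(), so the database only ever holds
// the hash; the clear value is returned once so the caller can hand it
// over out of band (never store it, log it, or put it in a template).
function example_provision_user( string $login, string $email ) {
    $temp_pass = wp_generate_password( 24, true, false );
    $user_id   = wp_insert_user( array(
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => $temp_pass,
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // Mark the account so the first login is forced through a reset.
    update_user_meta( $user_id, EXAMPLE_MUST_RESET_META, 1 );
    return array( 'user_id' => $user_id, 'temp_pass' => $temp_pass );
}

// After a successful login, redirect flagged users to the core reset form
// using a fresh one-time key instead of letting them use the temp password.
add_action( 'wp_login', 'example_force_reset_on_login', 10, 2 );
function example_force_reset_on_login( string $user_login, WP_User $user ) {
    if ( ! get_user_meta( $user->ID, EXAMPLE_MUST_RESET_META, true ) ) {
        return;
    }
    $key = get_password_reset_key( $user );
    if ( is_wp_error( $key ) ) {
        return;
    }
    $url = network_site_url(
        'wp-login.php?action=rp&key=' . $key . '&login=' . rawurlencode( $user_login ),
        'login'
    );
    wp_safe_redirect( $url );
    exit;
}

// Clear the flag only once the user has actually set a password of their own.
add_action( 'after_password_reset', function ( WP_User $user ) {
    delete_user_meta( $user->ID, EXAMPLE_MUST_RESET_META );
} );
```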