When someone tries to recover their password, A new password is generated and emailed to them. This means anyone can reset anyone else’s password and lock them out of their account as long as they know that persons email.
Is there anyway to sent a link to a password reset page, so it confirms the emails address before resetting the password?
Hi, thank you for contacting us. The plugin developers will investigate further your request.
You can’t really lock because the password goes to the registered email address (which only the member has access to). Also, the member can always reset the password again in the future. So someone else can’t really lock another user. In normal situation, you won’t see this being an issue. I am happy to look at your site if you are seeing this becoming an issue for your site.
My point is that another user could clear my password without my permission and I would have to recover it. It would not lock me out, but it would be annoying.
It does not seem like best practice for something like this.
It looks like my question is answered though: No, there is not a way to do it better.
If I use your plugin, I will have to use this password recovery method.
You must be logged in to reply to this topic.