admin管理员组

文章数量:1426810

I am currently moving from a custom platform to WordPress.

I don't believe there is anyway to migrate passwords from our current site due to encryption.

User will be emailed to reset their password once we launch the new site, but from past data, I know a majority of users will ignore this email.

My thought was to trigger the password reset automatically when the user tries to login. I was going to use the "Expire Passwords" plugin, but it seems that you need to enter your correct password for the reset password action to trigger.

Any suggestions on how to solve this problem? Thank you for your time and help. Cheers

I am currently moving from a custom platform to WordPress.

I don't believe there is anyway to migrate passwords from our current site due to encryption.

User will be emailed to reset their password once we launch the new site, but from past data, I know a majority of users will ignore this email.

My thought was to trigger the password reset automatically when the user tries to login. I was going to use the "Expire Passwords" plugin, but it seems that you need to enter your correct password for the reset password action to trigger.

Any suggestions on how to solve this problem? Thank you for your time and help. Cheers

  • migration
  • password
Share Improve this question edited May 22, 2019 at 22:14 butlerblog 5,1313 gold badges28 silver badges44 bronze badges asked May 22, 2019 at 21:53 LuckLuck 111 bronze badge 2
  • have you considered flagging all users with a user meta value that tells them to check their email when they try to login, then clearing that when they reset their password? Keep in mind that 3rd party plugins such as the expire passwords plugin are offtopic here and could result in your question being closed as offtopic – Tom J Nowell Commented May 23, 2019 at 0:16
  • How does the current custom platform hash the passwords? Is it a PHP application that uses the native password_hash() function? – Derek Held Commented May 23, 2019 at 1:03
Add a comment  | 

2 Answers 2

Reset to default 1

I don't believe there is anyway to migrate passwords from our current site due to encryption.

I wouldn't necessarily rule that out. While WP uses PHPass as its regular hash for passwords, it still supports MD5 which was the original hash.

If a password is an MD5 hash, it will be updated to the new hash when the user logs in.

If your existing site's passwords are MD5 hashed, or if they can be converted to MD5, then you may be able to migrate your passwords.

If your current platform is on PHP and uses password_hash() to create hashed passwords then you can use a plugin like password-bcrypt or PHP Native Password Hash. Personally I'd recommend the latter as the plugin also supports Argon2 which is stronger than bcrypt. If you instead use crypt() to create bcrypt hashed passwords then it likely already works with WordPress without further effort on your part. In either case you could simply copy over all the hashed passwords for your users into your WordPress database and everyone should be able to log in with their existing passwords.

Now if you still want to force a password reset you could always do so by setting new, random passwords for all your users with a script. They won't be able to log in and they will be forced to go through the reset process. In PHP 7+ for each user you could do something like:

$db = new mysqli('dbhost', 'dbuser', 'dbpass', 'dbname');
// Get array $userList with all usernames from DB or somewhere else
foreach ( $userList as $user ) {
    $hashed = password_hash( random_bytes(16) );
    $db->query( 'update wp_users set user_pass='.$hashed.' where user_login='.$user);
}
$db->close();

The default in PHP for password_hash() is to create a bcrypt hash and since the idea is to force a reset anyways I wouldn't bother trying to use a stronger algorithm. You would also be using random_bytes which is designed to create cryptographically secure random data.

本文标签: migrationHow do I force password reset even with wrong password entered

版权声明:本文标题:migration - How do I force password reset even with wrong password entered? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745471164a2659756.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。