Where Are User Passwords Stored?
Primarily, user passwords are encrypted and stored in WordPress.
However, you can also choose to store the password inside your CRM. Unfortunately, this CRM field is NOT encrypted, and therefore poses a security risk.
While there is no significant loss of functionality when you opt NOT to store passwords in your CRM, the following features won’t work:
- You will not be able to email the username/password to new clients after they purchase access to your membership or online course. HOWEVER, you can securely display their login info on the thank you page (tutorial).
- You will not be able to send auto login links to current email subscribers
Why isn’t there an option for users to create their own passwords at the start?
There is no way for your users to create their own passwords upon purchase or signup. The reason behind this is simple: security.
We believe in safe software and users picking simple and re-used passwords can leave your site vulnerable.
While a user may reset their password at any time, AccessAlly does its best to set them up with a safe password to protect you (and them) from the start.
How to Reset a User Password
There are two ways that a user can reset their password.
1. Through the “Forgot Password” link in the Login Form
2. You can set up an Account or Profile page for your users and give them the option to update their password. Click here for more information on how to create an Account Profile page.
Here are the ways you can create passwords for your users:
- How To Provide Users Passwords After Purchase
- Alternative Ways to Emailing or Displaying User Passwords (Recommended)