[wp-trac] [WordPress Trac] #63770: WordPress wp_insert_user() throws warning when password is not provided
WordPress Trac
noreply at wordpress.org
Mon Aug 4 02:09:46 UTC 2025
#63770: WordPress wp_insert_user() throws warning when password is not provided
-------------------------------------+-------------------------------
Reporter: sheldorofazeroth | Owner: sheldorofazeroth
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Resolution:
Keywords: has-test-info has-patch | Focuses: coding-standards
-------------------------------------+-------------------------------
Comment (by iamadisingh):
Replying to [comment:15 peterwilsoncc]:
> @sheldorofazeroth @hbhalodia I understand what's behind your argument
but as the function is a low level function for use by developers. Logging
a warning is the correct course of action.
>
> I agree it would be better if the account wasn't created but WordPress
strives to maintain backward compatibility that needs to be the case going
forward.
>
> A compromise I might accept is as follows:
>
> * `wp_insert_post()` detects an undefined/empty password ans throws a
specific warning using
[https://developer.wordpress.org/reference/functions/wp_trigger_error/
wp_trigger_error()` with the `E_USER_WARNING` constant
> * `wp_insert_post()` populates the password field if it's empty with a
random password generated by `wp_generate_password( 32 )`
>
> That will improve the details provided to the developer calling the
function to provide specifics rather than the build in PHP error notices.
I've opened a PR that implements this approach. I agree that maintaining
backward compatibility is important here, so the function now triggers a
developer warning and generates a secure random password if `user_pass` is
missing, rather than returning an error. Thanks for the discussion and
feedback!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63770#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list