[wp-trac] [WordPress Trac] #63770: WordPress wp_insert_user() throws warning when password is not provided
WordPress Trac
noreply at wordpress.org
Thu Jul 31 14:30:49 UTC 2025
#63770: WordPress wp_insert_user() throws warning when password is not provided
-------------------------------------+-------------------------------
Reporter: sheldorofazeroth | Owner: sheldorofazeroth
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Resolution:
Keywords: has-test-info has-patch | Focuses:
-------------------------------------+-------------------------------
Comment (by mindctrl):
This is an interesting one. `wp_insert_user` doesn't purposely generate a
password if one is not provided, but when it passes the empty/null value
to `wp_hash_password`, a hash is generated and that is saved with the
user.
It triggers various PHP warnings, and results in a user whose password you
can't use/know without resetting.
I think it would be good to consider firming up some of the logic.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63770#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list