Skip to:

Re: No welcome email in BP 1.1.3?



Found this in bp_core_activation.php:

* bp_core_disable_welcome_email()
* Since the user now chooses their password, sending it over clear-text to an
* email address is no longer necessary. It's also a terrible idea security wise.
* This will only disable the email if a custom registration template is being used.
function bp_core_disable_welcome_email() {
if ( '' == locate_template( array( 'registration/register.php' ), false ) && '' == locate_template( array( 'register.php' ), false ) )
return true;

return false;
add_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );

So I guess I could just remove this function?

Is sending that password really such a “terrible idea security wise”? Are criminal gangs intercepting these emails to break into WordPress accounts?

EDIT: Yes, removing that function works. A regular WPMU welcome email is sent.

But the password in the email is eight numbers instead of the eight letters password I’d entered. Why?! Does Buddypress do its own encryption on the password? Does it use other tags or “placeholders” or whatever they’re called to call the password?

Going to sit in a corner and cry…

Skip to toolbar