I have a WP Network (sub directory), Sometime specially in case of security emergencies, it is generally preferred to change passwords for all users.
I am looking for a way to reset passwords by sending a password reset url via email to each user on the network.
Goal here is to just reset all passwords and make users regenerate them through the reset password link on the front end. Also I would like to kill all active sessions
The easiest way to do this is to regenerate all the SALTs (in .env for me)
How can I do this using wp-cli?
I am comparative new to wp-cli and found out / where it explains how I can do for an individual user.
# Update user
$ wp user update 123 --display_name=Mary --user_pass=marypass
Success: Updated user 123
.
But there are two problems here,
- The password has to be entered along with the username, which I think is not the ideal method.
- The user should have the freedom to select their password,(consider strong passwords are forced)
Any help, reference Urls?
Update I was able to make a small php files which resides on my root directory, and execute in via wp-cli and reset all the passwords at once using wp_generate_password().
Since I am working on local system right now, I did not check if it sends emails with the reset URL, which is kind of important. But that does not sound too difficult.
What I am concern right now is, I really don't want it to be executed the way it is right now. I am using " wp eval-file password-reset.php;"
I want it to have it more of like a function some what like "wp reset passwords" with parameters like USERROLE, USERNAME, USERID or just * for all users.
Does anyone have any idea how can I get that???
I have a WP Network (sub directory), Sometime specially in case of security emergencies, it is generally preferred to change passwords for all users.
I am looking for a way to reset passwords by sending a password reset url via email to each user on the network.
Goal here is to just reset all passwords and make users regenerate them through the reset password link on the front end. Also I would like to kill all active sessions
The easiest way to do this is to regenerate all the SALTs (in .env for me)
How can I do this using wp-cli?
I am comparative new to wp-cli and found out https://wp-cli/commands/user/update/ where it explains how I can do for an individual user.
# Update user
$ wp user update 123 --display_name=Mary --user_pass=marypass
Success: Updated user 123
.
But there are two problems here,
- The password has to be entered along with the username, which I think is not the ideal method.
- The user should have the freedom to select their password,(consider strong passwords are forced)
Any help, reference Urls?
Update I was able to make a small php files which resides on my root directory, and execute in via wp-cli and reset all the passwords at once using wp_generate_password().
Since I am working on local system right now, I did not check if it sends emails with the reset URL, which is kind of important. But that does not sound too difficult.
What I am concern right now is, I really don't want it to be executed the way it is right now. I am using " wp eval-file password-reset.php;"
I want it to have it more of like a function some what like "wp reset passwords" with parameters like USERROLE, USERNAME, USERID or just * for all users.
Does anyone have any idea how can I get that???
Share Improve this question edited Feb 9, 2017 at 16:19 patilswapnilv asked Feb 9, 2017 at 6:06 patilswapnilvpatilswapnilv 717 bronze badges 5- I think your question might be too limiting, why do you need wp-cli for that? what is wrong with an admin based solution? – Mark Kaplun Commented Feb 9, 2017 at 6:42
- I am considering the senerio when probably the wp-admin is not accessible or may be its hacked. This is just a emergency solution. So may not be used often, but need to have this in place when needed. – patilswapnilv Commented Feb 9, 2017 at 7:15
- oh ok, make sense, although in case of a site being hacked it will not save you from restoring from backup first, otherwise (assuming there is a way to do it at all) the hacker most likely will be able to disable this kind of functionality – Mark Kaplun Commented Feb 9, 2017 at 9:15
- Yes I agree with you @MarkKaplun, the hacker would be able to disable this kind of functionality. But I don't think that should stop us from having it. I have seen hackers mess with the backup files too. Long time back when tools like UpdraftPlus were commonly used and backups used to be on the same server. – patilswapnilv Commented Feb 9, 2017 at 16:08
- This probably is more a question of Bash than WP-CLI. You could simply provide a CSV with one UID and one PW per line and then simply read that and perform the WP-CLI command for every line. – norman.lol Commented Apr 8, 2019 at 20:38
2 Answers
Reset to default 2A simple solution is:
wp user reset-password $(wp user list --field=user_login)
got that from forcing all plugins update after a minor takeover:
wp plugin install $(wp plugin list --field=name) --force
user reset-password user1 user2 userN
Will reset password and send email notification to the users.
use --skip-email to not send an email.
cf. https://developer.wordpress/cli/commands/user/reset-password/
If you want to reset the password for all users you can, first get list of all users , and then trigger the password-reset:
wp user list --field=user_login | xargs -n1 -I % wp user reset-password %
xargs will read the each user_login and pass it to wp user reset-password.