cancel
Showing results for 
Search instead for 
Did you mean: 
ioan518
New Contributor

self hosted wordpress password update

Hi

We have hundreds of self hosted wordpress sites. We manually add them to last pass as the site goes live, however i now want to re-generate the password for every site we have using the automatic password changer you have however it looks like it is not supported.

There are two issues:

1. We keep our WP sites in a shared folder with the users in the enterprise so everyone can access the sites. Your password changer looks like it only manages things in your own personal space
2. Wordpress doesnt seem to be currently supported for automatic password changes.

What I need is a method where i can tell lastpass to change all of my passwords to a new one automatically and do it for me. The task of doing this manually is huge.

Looking at other things like managewp doesnt provide good security for bulk password changes. For example I can say change all of the sites password for a certain user, however the password will be the same on each site (not secure). Then this causes an additional problem in that its not linked to lastpass so we have to login to managewp first then go to the site via that. Which takes more steps and wastes time.

Has someone else had this sort of issue and found a solution?

Cheers

Ioan
2 REPLIES 2
JohnG32
New Contributor

Re: self hosted wordpress password update

Hi Ioan,

We have the same issue.
For our Twitter account this auto-change feature works great!
Why does this not work for WordPress.
This is a huge lack of LastPass...

@LastPass, please explain us how to auto-change WordPress dashboard accounts from outside LastPass!

Regards,
JohnG
DubiousUser
Active Contributor

Re: self hosted wordpress password update

The fact that LastPass is able to "autochange" some sites is quite nice. The ability to autochange random sites (WordPress, JoesTackleAndBaitShop, ...) is not so much a reflection of LastPass as it is the effort to support random variations in the way sites manage passwords.

Let me give you an example... United HealthCare (myhealthonline.sutterhealth.org) has long had a broken password change interface. I accepts more characters than it actually stores. That means that LastPass CAN automatically send a 30 character password, and United Health Care accepts it, but if you try to present those same 30 characters to the their login page it silently truncates them to 20 characters (or so).

Like wise some dumb banking sites don't support a full set of characters. The result is that auto-password changing has to be dumbed down to fewer characters and shorter autogenerated passwords. And some really dumb sites require one a specific set of punctuation characters or disallow certain sequences of characters. This makes the burden of auto changing of passwords quite high to "random" sites.

Your only real argument is that WordPress is a pretty commonly used site... but I wouldn't be surprised if it has a gotcha or two. For example I have a self-hosted wordpress site, but I have security on my site that doesn't allow you to even GET to the login or password change pages if you don't present a specific cookie. There is no way LastPass (or any hacker) would be able to guess my "pre-password" so it would stand no chance to hack me - or attack or change a password on my site.

In fact, one of the leading WordPress site protection plugins implemented MY SUGGESTION that they protect sensitive pages using this technique (lots of security plugins were doing it very poorly).