This article will show you how to generate a single universal password for all new members who sign up to your MemberPress based membership site.
Why Assign a Universal MemberPress Password?
The main reason is to reduce friction for your new members so they can access the content they paid for as quickly after purchase as possible.
Say, for example, you’re using Thrivecart as your shopping cart—as many of our customers do.
While ThriveCart is wonderful, their MemberPress integration doesn’t support auto-login.
Since you can’t offer automatic login after purchase, the next best thing would be to present your new member with a login form directly on the thank you page after purchase AND tell them what the password is so they can login immediately.
How Does The MemberPress Universal Password Work?
1 – When a new member signs up on your website, MemberPress creates the member and transaction.
2 – Then, immediately after that, a small script runs which updates that member with a preset, universal password.
3 – The member is redirected to the Thank You page you have configured inside of MemberPress, and which has a MemberPress login form embedded on it.
4 – The Thank You page also contains the member’s login (which is simply his email address) and the universal password.
5 – The member logs in straight away and is ready to consume his content without having to go first check his email, click, a link, and all that jazz (although the welcome email with his username and password still gets sent).
Note that the same password is created for every new user.
It can be any alphanumeric value such as MyUniversalPass2020, for instance.
The script that performs this function works by overwriting the unique password generated for each MemberPress member and replaces it with a single, universal password.
You will be able to pick any password you want by editing the script (it’s super simple to do as you’ll see in a minute).
On the Thank You page you might also want to add a message where you inform the member to login to his account where he can then change his password to whatever he wants, although it’s probably not necessary.
What You’ll Need
1 – MemberPress WordPress membership plugin
2 – Our Universal Password script
How to set up your website for MemberPress universal password?
1. First of all we will create a WordPress template.
IMPORTANT: I highly recommend that you first create a child theme, or use the My Custom Functions WordPress plugin whenever you add custom code to your theme files. Otherwise, any time you update your theme your changes will get wiped out!
You need access to your website FTP. Just duplicate the page.php file from your theme files and name it mp-univ-pass-page.php. Open mp-univ-pass-page.php and add this to the top of it:
<?php /* Template Name: MP Universal Password */ ?>
We have just created a template WordPress file.
2. After you have completed checkout and downloaded our script, you will need to unzip the file mp-universal-pass.zip.
Open the mp-universal-pass.php file with any text editor and copy the php script from it.
Then paste the script at the top of mp-univ-pass-page.php template and save it.
If you want to change the universal password from “MyUniversalPass2020” to something else you will only need to edit one line which already has the comments how to do this.
3. Then add the mp-univ-pass-page.php file to your theme folder (https://yourdomain.com/wp-content/themes/your-child-theme-folder).
Obviously your child theme folder directory probably won’t be named “your-child-theme-folder”. 🙂
4. Go to your WordPress Dashboard and click on Pages => Add New. Name the page “MemberFix Json” (you can name it however you want, of course) and select MP Universal Password as page template.
So the link to the page will be https://yourdomain.com/memberfix-json/ ater the new page is saved.
5. After we have created the page with the code which will generate the universal password, we need to trigger this code every time when a new user signs up.
First of all we need to go to WordPress Dashboard and click on MemberPress => Developer => Webhooks:
We need to add our link (https://yourdomain.com/memberfix-json/) to Webhook URL field and click on Advanced link:
From the options which will appear on screen just check “Member Signup Completed” and then scroll down and click on “Save Webhooks“:
Why did we develop the assign an universal password to MemberPress users on signup solution?
One of our customers needed this solution because we realized that many of the new users which signed up on his MemberPress membership website could not login because they were never checking their emails where the login details were.
He needed a solution where new users got an universal password which they were able to see it on the confirmation page after the checkout process.
This way the users were able to login to their account and set up a new password they wanted.
So we went ahead and developed this solution for him.
And now you get to use it too! 🙂
Should You Be Worried About Security Using The MemberPress Universal Password Method?
In most cases, no.
However, it depends on the nature of your site.
First of all, the members joining your site won’t know that their password is the same as other members’ passwords.
Why would they?
They will quite naturally assume that their pass is unique.
However, let’s imagine a worst case scenario in which a bad faith actor figures out that he has the same password as everybody else.
He would then also need to somehow find the username or email address of another member to even be able to login to their account.
Let’s further suppose that this person DOES get somebody else’s username and manages to login to their account.
The question now becomes: what kind of damage can he do inside the member’s area?
1 – He CANNOT manage subscriptions or credit card info since that’s all handled by ThriveCart (this is the biggie).
2 – He CAN update profile info and change that member’s password (although why would he?)
3 – He CAN post in the forums (if you have forums).
4 – If you’re using some kind of LMS or gamification system, he CAN modify the progress of courses.
5 – He CANNOT access any admin functions or dashboards.
That all sounds like a big headache waiting to happen, right?
In our experience cleaning up countless hacks (mostly DAP hacks), virtually all bad faith actors and hackers operate with a single objective: money.
Since nobody can access any payment details with this method, and since none of the members have admin rights, that removes the ability—and therefore the incentive—to steal or redirect funds.
So if a bad faith actor can’t steal money, what can he do?
I suppose he can take an extra course on behalf of the logged-in member (although why would he?)
He could also change the member’s password (which the real member can easily change back and which would lock out the bad faith actor for good).
He could post some weird stuff on your forums (although if they’re private forums, he doesn’t have any incentive to do so from a black hat SEO perspective).
The worst thing I can imagine somebody doing is updating somebody’s profile with their real name and somehow threatening their anonymity / reputation by impersonating them and posting something uncouth on the forums (if that’s a concern in your particular community).
But again, this scenario is incredibly unlikely.
It assumes the bad faith actor even KNOWS the real member’s name, and it further assumes that he has something to gain by playing a practical joke.
None of this is very likely.
However, you have to decide for yourself whether the removal of friction for your members is worth the extremely remote possibility of somebody superficially messing with your site.
For several of our customers, this is an acceptable trade-off that in no way endangers their members’ security or anonymity.
For others it may not be worth it.
Your site, your rules, you decide. 🙂
And if you have follow up questions just leave a comment at the end of this post.
Will you provide support for this script?
If you have any questions or issues please come back to this post and leave a comment describing them (you can also upload screenshots in the comments).
We will also provide email support at firstname.lastname@example.org but using comments instead, everybody benefits from the conversation and explanations, including existing and potential customers. 🙂
It also fosters transparency which improves the direction of development by involving our entire community.
How can I download the script?
We offer this plugin for sale starting at $4.97 for a single site license. If you’d like to purchase it please complete the checkout below.
You’ll gain access after checkout.
To use this product you need to have one the following installed on your WordPress installation:
|Mar 23, 2020
|MemberPress Developer Tools 1.1.30
1.0.0 – March 23, 2020
- Initial release
Frequently Asked Questions
Can I use this script/solution on client sites, or only on my own sites?
You can use it on both your sites and client sites.
Are there any plugin dependencies
Yes, you will need MemberPress Plugin and MemberPress Developer Tools Plugin in order to use this solution.