Username in password reset link

Posted by: tangrufusitineris

14th January 2020, 1:47 pm

tangrufusitineris

@tangrufusitineris

14 Jan 2020
1:47 pm

The password reset email include a link which contains username. For example: xxx.com/forgot-password/?somresetpass=true&somfrp_action=rp&key=xxx&login=my-username

This query string is tracked by Google Analytics. Thus, violating GDPR as username is a personal identifiable information.

Question: Any way to get rid of &login= from the password reset links?

Thanks!

  • Developer
    Richard Webster

    @rwebster

    14 Jan 2020
    2:01 pm

    Hi mate as far as I'm aware you're able to set up your analytics to ignore particular URL query strings. Just had a quick Google and this might be helpful.

  • tangrufusitineris

    @tangrufusitineris

    15 Jan 2020
    9:07 am

    Thanks for the quick reply.

    Howvever, the data still reaches Analytics.

    Are there any filter to modify reading/storing the query string? Something like:

    add_filter('some_hook_to_make_reset_url', function (string $theUsername): string {
    
    return DataStore::createNewRandomStringBy($theUsername);
    });
    
    
    
    
    add_filter('some_hook_to_read_from_reset_url', function (string $theRandomString): string {
    
    return DataStore::getUsernameByRandomString($theRandomString);
    });
  • Developer
    Richard Webster

    @rwebster

    15 Jan 2020
    1:06 pm

    Okie dokie I think the best thing would be to use a different method like you're suggesting. Leave it with me šŸ‘

  • tangrufusitineris

    @tangrufusitineris

    20 Feb 2020
    9:17 am

    Any news?
    Or, anything I can help to make it happen?

  • Developer
    Richard Webster

    @rwebster

    21 Feb 2020
    7:38 am

    I'll be pushing an update this weekend mate šŸ™‚

  • Developer
    Richard Webster

    @rwebster

    7 Mar 2020
    1:13 pm

    Version 1.1.91 now removes the username from the reset password link šŸ™‚