Hi @peterfabian, thanks for merging this pull request. Please take a look at these follow-up tasks you may need to perform:

• Add the status: needs changelog label
• Add the status: needs testing instructions label

Hi team, I wanted to know that is this feature available to the users now? I updated my plugin to 6.0.0 but still the password is being sent to the users via email.

Hi @avidews . I just tested a fresh installation with WC 6.0 and tried creating a new account via
1.checkout and
2. My Account page.

In both cases, the email I got didn't include the password. Which workflow are you using to create a user account? Does your website maybe use custom templates you need to adjust according to how it's been done for the default templates?

• templates/emails/customer-new-account.php
• templates/emails/plain/customer-new-account.php
• templates/myaccount/form-login.php

Hi @peterfabian.

Thanks a lot for your reply. You just solved my problem, my website is using a plugin for custom email templates and the new account email template is still using {user_pass}. I think I need to contact the plugin team to update their plugin?

Thanks lot for your help.

Great to hear. Yes, exactly, please contact the plugin authors.

Greetings all and @peterfabian @rodelgc @melek

I think this is an improvement over sending plain text password, so good call!

Two questions (and I am not sure if I need to open a new ticket for this)...

1. When I did a test account creation, I got the welcome email with the link that invited me to set a new password which was great - however, I also received a plain text "Password Changed" notification email along the lines of "This notice confirms that your password on [website] was recently changed. If you did not change your password, please contact....." etc...

Is that the correct behaviour? Because it seems unnecessary to send it to a new user that has just registered.

2. If we are now inviting customers to set a password - why not go back to doing that at the checkout, so that it is all done in one place (rather than another email process!)

Thanks

1. When I did a test account creation, I got the welcome email with the link that invited me to set a new password which was great - however, I also received a plain text "Password Changed" notification email along the lines of "This notice confirms that your password on [website] was recently changed. If you did not change your password, please contact....." etc... Is that the correct behavior?

The 'Password Changed' emails are part of WordPress. They can be disabled on your site with a filter, see this forum post for more details:

https://wordpress.org/support/topic/disable-password-changed-emails-2/

I agree with you that suppressing these emails when a new customer initially sets their password is worth considering :) If you want that functionality, I recommend filing an issue so it can be discussed.

If we are now inviting customers to set a password - why not go back to doing that at the checkout, so that it is all done in one place (rather than another email process!)

Different shop owners will have different preferences on checkout and account creation flow; I for instance think that asking the customer to go through an email process encourages extra engagement. In any case, opining on how store owners should have users set passwords is outside the scope of this change. I also don't see any reason to remove an option from the Accounts & Privacy area.

Should have maybe bumped templates/myaccount/form-login.php version cause a string changed? I was wondering why A link to set a new password will be sent to your email address. wasn't translating, I still had A password will be sent to your email address. in my theme's override but no notice that the template had been updated.

@ktmn Yup, that was missed, unfortunately. Fixed in #34308