Wordpress Visibility: Password Protected pages (case insensitive?)

Question

I'm building a site which has a protected space for privileged customers, where they enter a password and gain access to exclusive offers ect. I've changed the visibility settings to password protect and have entered the password.

My problem now is it's case sensitive! And i can't find anywhere how to change this. Surely there's a way?

Can anyone shed any light here?

Kind Regards,

Shaun

Answer 1

The quick solution for this is to install a plugin:

https://wordpress.org/plugins/case-insensitive-passwords/installation/

This one seems to do the trick and says it's compatible up to version 4.0

I've also found this one here

Edit showing the actual Code (confirmed working, just not for the password protected page because it uses other function http://codex.wordpress.org/Function_Reference/post_password_required):

<?php
if ( !function_exists('wp_set_password') ) {
    function wp_set_password( $password, $user_id ) {
        global $wpdb;
        $password = strtolower( $password );

        $hash = wp_hash_password($password);
        $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );

        wp_cache_delete($user_id, 'users');
    }
}
if ( !function_exists('wp_hash_password') ) {
    function wp_hash_password($password) {
        global $wp_hasher;
        $password = strtolower( $password );

        if ( empty($wp_hasher) ) {
            require_once( ABSPATH . 'wp-includes/class-phpass.php');
            // By default, use the portable hash from phpass
            $wp_hasher = new PasswordHash(8, TRUE);
        }

        return $wp_hasher->HashPassword($password);
    }
}
function case_insensitive_check_password( $check, $password, $hash, $user_id ) {
    global $wp_hasher;

    if ( !$check ) {
        if ( empty($wp_hasher) ) {
            require_once( ABSPATH . 'wp-includes/class-phpass.php');
            // By default, use the portable hash from phpass
            $wp_hasher = new PasswordHash(8, TRUE);
        }

        $password = strtolower( $password );
        $check = $wp_hasher->CheckPassword($password, $hash);
    }

    return $check;
}
add_filter( 'check_password', 'case_insensitive_check_password', 10, 4 );

EDIT:

I've reviewed the code and found that the better way is a quick and dirty hack on the form, forcing all the inserted characters to be lowercase.

Add the code below to the functions.php file:

function my_password_form() {
    global $post;
    $label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
    $o = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
    ' . __( "To view this protected post, enter the password below:" ) . '
    <label for="' . $label . '">' . __( "Password:" ) . ' </label>
    <input name="post_password" onChange="javascript:this.value=this.value.toLowerCase();" id="' . $label . '" type="password" size="20" maxlength="20" />
    <input type="submit" name="Submit" value="' . esc_attr__( "Submit" ) . '" />
    </form>
    ';
    return $o;
}
add_filter( 'the_password_form', 'my_password_form' );

Take in consideration that now you can only insert lowercase passwords in the administration, otherwise it will not work.

What the code is doing is onChange converting the inserted word to lowercase, but if you put a password with a capital letter, it's not going to work.

Ex: Password protected page password: Banana -> inserted password: Banana = it will compare Banana with banana, because the inserted will be lowercased.

You can check the hack as a plugin by following this link