Steve Grunwell

Open-source contributor, speaker, and electronics tinkerer

Sunsetting WP Password Generator

My WP Password Generator plugin was my first foray into WordPress plugin development. It started back in 2010, just over a month after I started at Fahlgren Mortine, when my friend Greg Laycock and I were working on a client’s WordPress site and decided that manually generating passwords was a total pain. I suggested “what if we have a ‘Generate Password’ button on the user edit screen?”, he agreed, and I spent that night writing a quick plugin that makes an Ajax call to a script that generated a password. After we submitted it to the repository, we watched the download counts climb (I remember how thrilled we were once we crossed 100, and it just continued to rise from there).

As time went on, feature requests rolled in through the plugin forums and GitHub, but we intentionally kept the features simple (it’s a password generator, not a whole user management suite, after all). It was eventually rewritten to better adhere to the WordPress coding standards and use the native WordPress wp_generate_password() function instead of my home-rolled solution (which was actually pretty similar). It was never the flashiest plugin, but it was a perfect learning experience for both WordPress plugin development and managing an open-source project.

After version 2.2 was released, Chris Van Patten, President of Van Patten Media sent me the following email alerting me to the plugin not working in non-standard configurations:

I LOVE your WP-Password Generator! Frankly, I think it (or something
similar) should be part of core.

I’ve found a little bug (not really a bug, but an area for
improvement). In wp-password-generator.php, line 65, you enqueue the
generator script assuming that it will be located in wp-content. For
crazy folks like myself who move wp-content to another location (I
just use plain ol’ “content”) this creates a bad link, and the plugin
fails silently.

It’s a simple fix (for me I just deleted three characters) but it
could be made more compatible if you get the exact plugin directory
with something like $plugin_dir = basename(dirname(__FILE__)); (there
are probably even better options).

Thanks again for the great plugin, and I’ll be donating soon!

From that point, Chris became another person to bounce ideas off of, discuss functionality, and in some cases contribute directly to the development via pull requests. He became an advocate for my work, blogging about the plugin and re-tweeting almost anything I tweeted about its development. Van Patten was also true to his word, sending me a few bucks to thank me for my efforts on the plugin, thus marking the first (and only) time I’ve received cash for my (non-work supported) open-source work.

All good things…

Over a year ago I came across this post on WP Tavern, which pointed to a Trac ticket from WordPress all-star Pippin Williamson proposing the inclusion of a password generator in WordPress core (sometimes I hate when Chris is right). His suggestion was to incorporate a similar plugin, Simple User Password Generator –a 10up-maintained plugin – into WordPress core.

With the native password generator features set to hit primetime in WordPress 4.3, version 2.8 of WP Password Generator is slated to be the last; the plugin will check for core password generator functionality and, if found, will disable its own functionality.

Thank you to the thousands of people who have downloaded WP Password Generator in the last five years, especially the handful who have left reviews, suggested features, reported bugs, and generally been supportive of the plugin. It was a simple plugin, but it’s always been one of my favorites to work on. Through the support of the community, it’s been translated into six languages and has been downloaded over 24,000 times!

What does this mean for users?

Version 2.8 of the plugin checks the WordPress version before loading anything else and, if the core version is 4.3 or higher, the plugin will cease loading the rest of its functionality and instead display a small notice on the plugins page informing site owners that it’s safe to remove (along with a link to this post).

So long, and thanks for all the fish!

One last time, the contributors to WP Password Generator include:

So long, WP Password Generator.


Spam Warning: Search Engine Registration


Announcing Revision Strike


  1. Michel

    Thanks for the plugin and your time the past few years!

  2. Will

    Having just found your plugin I have to say thanks for the great work and also it’s a great addition to securing core!

  3. John Baker

    Yet, another example of the WordPress team cannibalizing the developers who actually make it useful. Sad!

  4. dagobert

    It is a great password since it was simple and did exactly one thing. this is different to most feature overblown plugins about security.

    There is just one important thing. I know you great plugin is called “generator” but you also implemented important things about password requirement. This important feature is still missing in 4.3, as fas as I investigated.

    Are you planning to keep this part alife in this or a seperate plugin? I and probably other users of your plugin would probably much appreciate it.

    • Hey Dagobert,

      Are you referring to the tie in with password strength meter or the ability to change the method by which passwords are generated? If the former, the WordPress native password generator automatically generates strong passwords. If it was the latter, WordPress still uses the pluggable wp_generate_password() function, which you can override in your theme (or as a quick feature plugin) to customize how passwords are generated throughout your entire site.

      Am I missing an important password requirement feature I’ve overlooked? If there’s something that you feel is necessary that’s missing with the new standard implementation I’d be happy to consider submitting it to core as a patch or developing a plugin for it.

      • dagobert

        I am sorry.

        I was thinking that your plugin was using the rules for generating a password, also made these rules mandantory for a password.

        That was my mistake.

        Besides yours, I am still looking for such a plugin as simple straight forward as yours.

        • No apologies necessary, it’s a great idea! I haven’t tried it myself, but it looks like Force Strong Passwords might be what you’re looking for; it mandates that users who can edit content must have a password that ranks as “strong” according to the strength meter, so that might be right up your alley.

          • dagobert

            I had a look into that and installed it for tests. It is compatible to 4.3 but I could not see any effect.

  5. Fabio

    Thank you for plugin! Very appreciated it. Best

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Be excellent to each other.