Skip to main content

Passwords

A prerequisite of using ActiveMember360 is that the password used by the user/contact to login to the WordPress site/sites running ActiveMember360 is stored within your ActiveCampaign application.

The password is also stored for the user within WordPress.

ActiveMember360 will automatically store the password in ActiveCampaign when ActiveMember360 is used to generate the password.

ActiveMember360 automatically creates the contact field in ActiveCampaign where the password is stored when ActiveMember360 is first connected to your ActiveCampaign application. See Connecting ActiveMember360 To Your ActiveCampaign API.

Important

Please do not manually create a contact field in ActiveCampaign named password.

The field will be automatically created by ActiveMember360.

Password Requirements

ActiveMember360 has settings for the following when passwords are generated:

  • Minimum number of password characters
  • Maximum number of password characters
  • Allowable characters for use within the password

These password requirements are defined in ActiveMember360, Settings, Passwords.

Password Generation

Note

ActiveMember360 will never overwrite a password that is already stored within ActiveCampaign when any of the password generation methods are used.

Using Automatic Webhooks

When ActiveMember360, Modules, Automatic Webhooks is enabled, which is the default ActiveMember360 setting, a password will be generated by ActiveMember360 if one does not already exist whenever the webhook is triggered, i.e when an ActiveCampaign contact is added or updated, and the associated HTTP POST sent to the WordPress site. It does not matter how the contact is added or updated.

ActiveCampaign does not provide a way to only trigger automatic webhooks for specific contacts when using the webhook triggers Contact Added or Contact Updated. This means that whenever a contact is added to your ActiveCampaign application, or updated, a password will be generated and stored by ActiveMember360 if one does not already exist.

Using mbr_genpass Webhook

mbr_genpass is used with an ActiveCampaign webhook in an automation.

This allows a password to be generated only for contacts that are added to that specific automation and where the webhook workflow is executed.

It provides more control over whom a password is generated when compared to using ActiveMember360, Modules, Automatic Webhooks.

How to configure and use mbr_genpass is documented at ActiveMember360, Webhooks, mbr_genpass.

Using Autologin Module

When using ActiveMember360, Modules, Autologin a password will automatically be generated and stored for the ActiveCampaign contact, if one does not exist, during a success autologin attempt.

Using WooCommerce

When using WooCommerce in conjunction with ActiveMember360, Extensions, WooCommerce when WooCommerce triggers the automatic generation of a password that password will be stored in ActiveCampaign if one does not already exist.

If a password does exist in ActiveCampaign that password will be used by WooCommerce rather than a new password being generated.

Password Storage

Any password stored within WordPress is always stored encrypted.

The password stored by ActiveMember360 in ActiveCampaign can either be stored in the default format or be stored as an encrypted password.

Store Encrypted Passwords In ActiveCampaign

Important

Please ensure that you fully understand the implications of storing encrypted passwords in ActiveCampaign before activating that option available at ActiveMember360, Settings, Passwords, Switch to encrypted password storage in ActiveCampaign.

Once activated the switch to store encrypted passwords in ActiveCampaign changes how many of the features of ActiveMember360 function.

Also once passwords are stored encrypted if you wish to revert from storing encrypted passwords in ActiveCampaign the process is very involved. That process is detailed within Revert The Storage Of Encrypted Passwords In ActiveCampaign.

If you require any clarification or have any questions regarding storing encrypted passwords in ActiveCampaign please submit a support ticket for us to assist here. We recommend that you do not activate the storing of encrypted passwords until your ticket has been answered.

Here are some key points regarding storing encrypted passwords in ActiveCampaign:

  • When storing encrypted passwords in ActiveCampaign the only time it is possible to notify a contact of their password is when it is first generated, as once stored encrypted it cannot be disclosed in any way.

  • When storing encrypted passwords in ActiveCampaign the login credentials email is sent automatically from WordPress not ActiveCampaign. The content of that email is defined within ActiveMember360, Settings, Templates, Login Credentials Email.

  • The WordPress email mentioned will only be sent from the site where ActiveMember360 automatically generates the passwords.

  • If you have ActiveMember360, Modules, Automatic Webhooks enabled, which is the default ActiveMember360 setting, a password will be automatically generated by ActiveMember360 if one does not already exist whenever the webhook is triggered i.e when a contact is added or updated. It does not matter how the contact is created or updated.

    This process cannot be selective. ActiveCampaign does not provide a way to only trigger automatic webhooks for specific contacts when using the webhook triggers Contact Added or Contact Updated. This means that whenever a contact is added to your ActiveCampaign application or updated a password will be generated by ActiveMember360 if one does not already exist and they will receive an email detailing login credentials.

  • You may have many sites running ActiveMember360 connected to the same ActiveCampaign application. Only one site is used to generate the password using the HTTP POST sent by the automatic webhooks. You do not have control over which site this is.

  • If an encrypted password is generated and stored by using either ActiveMember360, Modules, Autologin or ActiveMember360, Webhooks, mbr_genpass no new user email is sent from WordPress.

  • If you chose to store encrypted passwords in ActiveCampaign on one site that setting will automatically apply to all your sites connected to the same ActiveCampaign application.

  • When storing encrypted passwords in ActiveCampaign at no point can you send login credentials, or password reminders, for passwords from ActiveCampaign as the password is stored encrypted. If you send or view the password from within ActiveCampaign it will be the encrypted version and cannot be used to login.

  • When storing encrypted passwords in ActiveCampaign the standard WordPress password reset process is used. When the WordPress lost password link is clicked, or when a visitor submits their email address from where the ActiveMember360 shortcode ActiveMember360, Shortcodes, mbr_password_send is used, the standard WordPress password reset email will be sent to those visitors.

Given the above, the process we would recommend when chosing to enable store encrypted passwords is as follows. The contact is never notified by email of their login credentials by ActiveMember360 and can chose a password of their choice:

  1. Disable the ActiveMember360 Login Credentials Email.

    Ensure within ActiveMember360, Settings, Templates that for the Login Credentials Email the option Send login credentials is set to No.

    You will need to use this setting on every one of your WordPress sites running ActiveMember360 and connecting to the same ActiveCampaign application.

  2. Whenever a user signs-up or purchases a membership execute the ActiveMember360, Webhooks, mbr_genpass as a webhook from within an ActiveCampaign automation.

    This will create a user in WordPress if one does not already exist. It will not overwrite nor reset any existing passwords.

    In your ActiveCampaign purchase/signup automation/s place the following steps:

  3. Direct your user after signup to a URL to allow them to either login with their existing credentials or set their own password. You would do this using the ActiveMember360, Shortcodes, mbr_password_send or the standard WordPress lost password process.

    You could also use ActiveMember360, Modules, Autologin to automatically log them in and send them to a page to choose their password where ActiveMember360, Shortcodes, mbr_password_change is used.