Passwords
A prerequisite of using ActiveMember360 is that the password used by the contact to login to the WordPress site/sites running ActiveMember360 is stored within your ActiveCampaign application.
A key benefit of this functionality is that the same password can be used for multiple sites.
The password is also stored for the user within WordPress.
Password Requirements
Where ActiveMember360 triggers the generation of passwords they comply with the default WordPress password settings of:
- Password length of 24 characters
- Allowable password strength of Strong
- Allowable characters for use within the password
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()
Password Contact Field
ActiveMember360 automatically creates the contact field in ActiveCampaign where the password is stored when ActiveMember360 is first connected to your ActiveCampaign application. See Connecting ActiveMember360 To Your ActiveCampaign API.
By default this is an ActiveCampaign text contact field named Password with the personalization tag of %PASSWORD%.
Please do not manually create a contact field in ActiveCampaign named password with the personalization tag of %PASSWORD%.
The field will be automatically created by ActiveMember360.
However if you have a site for which you wish to store the password within ActiveCampaign in a field of your choosing, so that not all sites must use the same password, this can configured within wp-config.php.
You would need to place a define in the wp-config.php of the site anywhere before the line /* That's all, stop editing! Happy blogging. */.
For example:
define('MBR_SET_PASSFIELD','mypassword');
This will create the contact field in ActiveCampaign with the personalization tag of %MYPASSWORD%.
That field mypassword will then be used for password functions/operations related to the site.
Password Generation
ActiveMember360 will never overwrite a password that is already stored within ActiveCampaign when any of the automatic password generation methods are used.
Using Automatic Webhooks
When ActiveMember360, Modules, Automatic Webhooks is enabled, which is the default ActiveMember360 setting, a password will be generated by ActiveMember360 if one does not already exist whenever the webhook is triggered, i.e when an ActiveCampaign contact is added or updated, and the associated HTTP POST sent to the WordPress site. It does not matter how the contact is added or updated.
ActiveCampaign does not provide a way to only trigger automatic webhooks for specific contacts when using the webhook triggers Contact Added or Contact Updated. This means that whenever a contact is added to your ActiveCampaign application, or updated, a password will be generated and stored by ActiveMember360 if one does not already exist.
When ActiveMember360 creates a WordPress User
There are many situations where ActiveMember360 may need to create a WordPress user.
These include:
- User created by using a WordPress Lost Password link, see here.
- User created by using the shortcode [mbr_password_send]
- User created by using the User Create Webhook
- User created by using the Contact Password Reset Webhook
In all these situations ActiveMember360 will store the password generated in ActiveCamapign if one does not already exist. It will not overwrite any existing password.
Using mbr_genpass Webhook
mbr_genpass is used with an ActiveCampaign webhook in an automation.
This allows a password to be generated only for contacts that are added to that specific automation and where the webhook workflow is executed.
It provides more control for whom a password is generated when compared to using ActiveMember360, Modules, Automatic Webhooks.
How to configure and use mbr_genpass is documented at ActiveMember360, Webhooks, mbr_genpass.
Using Autologin Module
When using ActiveMember360, Modules, Autologin a password will automatically be generated and stored for the ActiveCampaign contact, if one does not exist, during a success autologin attempt.
Using WooCommerce
When using WooCommerce in conjunction with ActiveMember360, Extensions, WooCommerce when WooCommerce triggers the automatic generation of a password that password will be stored in ActiveCampaign if one does not already exist.
If a password does exist in ActiveCampaign that password will be used by WooCommerce rather than a new password being generated.
Password Storage
Any password stored within WordPress is always stored encrypted.
The password stored by ActiveMember360 in ActiveCampaign can either be stored in the default format or be stored as an encrypted password.
Store Encrypted Passwords In ActiveCampaign
The only reason for using Store Encrypted Passwords In ActiveCampaign is if you wish to prevent plain text passwords from being displayed within your ActiveCampaign application.
Please ensure that you fully understand the implications of storing encrypted passwords in ActiveCampaign before activating that option available at ActiveMember360, Settings, Passwords, Switch to encrypted password storage in ActiveCampaign.
Once activated the switch to store encrypted passwords in ActiveCampaign changes how many of the features of ActiveMember360 function.
Also once passwords are stored encrypted if you wish to revert from storing encrypted passwords in ActiveCampaign the process is very involved. That process is detailed within Revert The Storage Of Encrypted Passwords In ActiveCampaign.
If you require any clarification or have any questions regarding storing encrypted passwords in ActiveCampaign please submit a support ticket for us to assist as detailed here. We recommend that you do not activate the storing of encrypted passwords until your ticket has been answered.
Here are some key points regarding storing encrypted passwords in ActiveCampaign:
When storing encrypted passwords in ActiveCampaign the only time it is possible to notify a contact of their password using an email is when it is first generated, as once stored encrypted it cannot be disclosed in any way.
When storing encrypted passwords in ActiveCampaign the login credentials email is sent automatically from WordPress not ActiveCampaign. The content of that email is defined within ActiveMember360, Settings, Templates, Login Credentials Email. You have the option of controlling if this email is sent.
The WordPress email mentioned will only be sent from the site where ActiveMember360 automatically generates the passwords.
If you have ActiveMember360, Modules, Automatic Webhooks enabled, which is the default ActiveMember360 setting, a password will be automatically generated by ActiveMember360 if one does not already exist whenever the webhook is triggered i.e when a contact is added or updated. It does not matter how the contact is created or updated.
This process cannot be selective. ActiveCampaign does not provide a way to only trigger automatic webhooks for specific contacts when using the webhook triggers
Contact AddedorContact Updated. This means that whenever a contact is added to your ActiveCampaign application or updated a password will be generated by ActiveMember360 if one does not already exist and they will receive an email detailing login credentials.You may have many sites running ActiveMember360 connected to the same ActiveCampaign application. Only one site is used to generate the password using the HTTP POST sent by the automatic webhooks. You do not have control over which site this is.
If an encrypted password is generated and stored by using either ActiveMember360, Modules, Autologin or ActiveMember360, Webhooks, mbr_genpass no new user email is sent from WordPress.
If you chose to store encrypted passwords in ActiveCampaign on one site that setting will automatically apply to all your sites connected to the same ActiveCampaign application.
When storing encrypted passwords in ActiveCampaign at no point can you send login credentials, or password reminders, for passwords from ActiveCampaign as the password is stored encrypted. If you send or view the password from within ActiveCampaign it will be the encrypted version and cannot be used to login.
However you can use the webhook ActiveMember360, Webhooks, Contact Password Reset to send the standard WordPress reset password email. The same email will be sent if any WordPress lost password link is clicked.
Given the above, the process we would recommend when chosing to enable store encrypted passwords is as follows. The contact is never notified by email of their login credentials by ActiveMember360 and can chose a password of their choice:
Disable the ActiveMember360 Login Credentials Email.
Ensure within ActiveMember360, Settings, Templates that for the Login Credentials Email the option Send login credentials is set to No.
You will need to use this setting on every one of your WordPress sites running ActiveMember360 and connecting to the same ActiveCampaign application.
Whenever a user signs-up or purchases a membership execute the ActiveMember360, Webhooks, mbr_genpass as a webhook from within an ActiveCampaign automation.
This will create a user in WordPress if one does not already exist. It will not overwrite nor reset any existing passwords.
In your ActiveCampaign purchase/signup automation/s place the following steps:
Conditions and Workflow, Webhook, URL
https://yoursite.com/?mbr_genpass=xxxxxxwhere xxxxxx is a security code of your choice set in ActiveMember360, Settings, Security, Security Codes.
where
https://yoursite.comis the Site URL as shown in WordPress, Settings, General, Site URL.Full details for mbr_genpass are available at ActiveMember360, Webhooks, mbr_genpass.
Direct your user after signup to a URL to allow them to either login with their existing credentials or set their own password. You would do this using the ActiveMember360, Shortcodes, mbr_password_send or the standard WordPress lost password link i.e.
https://yoursite.com/wp-login.php?action=lostpassword.You could also use ActiveMember360, Modules, Autologin to automatically log them in and send them to a page to choose their password where ActiveMember360, Shortcodes, mbr_password_change is used.