Unable to change owner's local account password in wp-admin

[Jaccuse]

Context and steps to reproduce

Atomic sites only. Trying to follow the process here as a user would add a password to the account they can log in to wp-admin with.

This is very commonly needed by WordPress.com users who have membership sites. It can actually make it impossible for them to make quite a few changes while their membership plugins are active (we would need to use WP-CLI to deactivate the plugin for them in order for them to access their pages, posts, or products, for example).

1. Go to Users -> All Users (classic view)
2. Edit the owner's user
3. Scroll down to the “Account Management” section
4. There is no longer an option to manually set a local password, only a link to change your WP.com password

What I am looking for:

What I see instead:

Site owner impact

Fewer than 20% of the total website/platform users

Severity

Major

What other impact(s) does this issue have?

Individual site owner revenue

If a workaround is available, please outline it here.

Have the user create a separate local admin account

Platform

No response

[Jaccuse]

One user report in 9310507-zen

[github-actions]

Support References

This comment is automatically generated. Please do not edit it.

• 9310507-zen

[Robertght]

I'm able to replicate this, but I'm not sure I see a case where this would help the user. I see it now.

For example, they have the Applications Passwords sections they could use for connecting to third party apps like IFTTT, however, this should ensure stable access to their account.

@dsas do you know if this came together with the recent wp-admin changes?

[dsas]

@Robertght the links back to WordPress.com were made by @Automattic/lego last year. Code here. See this PT: pbxlJb-63Y-p2

The recent changes T-Rex made to wp-admin has basically forced people to use "classic style", with some exceptions like the navigation menu width and the classic post editor. However this only takes place on specific screens, which doesn't include the users screen.

From a user point of view, it looks like disabling WordPress.com SSO pushes me into "classic style" but this is just be because nav unification is disabled without sso though - the Admin Interface Style remains on Default.

Update: I figured out the interface style was a red herring and rewrote this comment

[dsas]

I can reproduce the users description whether in treatment or control parts of the experiment.

[lsl]

I'm seeing a set new password button when classic style is enabled. Is this a suitable workaround?

cc @Automattic/zenith

[okmttdhr]

I'm seeing a set new password button when classic style is enabled. Is this a suitable workaround?

I see the same on Atomic sites with the Classic interface. It should be a workaround.

I was only able to reproduce this issue when editing my own profile on an Atomic site with the Default interface. It does not occur when editing other users' profiles.
We haven't implemented a local password for Atomic Default because it hasn't been possible since before. Prior to pbxlJb-63Y-p2, there was no /wp-admin/profile.php for Atomic Default, meaning no way to set a local password. https://github.com/Automattic/dotcom-forge/issues/5851#issuecomment-2210639810

Now that /wp-admin/profile.php is available on both Atomic Default and Classic, it might be worth implementing local password support for Atomic Default. We may need a spike similar to what we've done before: https://github.com/Automattic/dotcom-forge/issues/7756#issuecomment-2202011143

CC: @fushar

[fushar]

👋 I did the spike in https://github.com/Automattic/dotcom-forge/issues/7756#issuecomment-2202011143 while untangling the profile page (i.e., showing Core's profile.php instead of Calypso's).

Based on the spike, it IS actually possible for all Atomic site users to set a local password. However, for WordPress.com users, we decided to not show the local password option, because:

• we never supported that feature in the original Calypso screen, and
• it could be confusing for Atomic Default sites: here, we always show the WP.com login page (not Core's login.php), which expects the WP.com password, not the local password. The users might confuse the two.

The one thing that I didn't realize back then is that we can disable the SSO login... only then can the user see the Core login page and use the local password.

TLDR: it IS possible to support local password for Atomic users that are WordPress.com users (Default and Classic). The question is if we want to do that because it could be confusing for Atomic site users which do not have their SSO disabled. The other question is how to prioritize this effort. 😄 cc: @taipeicoder

[kelasante]

Also noting that users can also set a local password with SSO off or on at /wp-login.php?action=lostpassword; if SSO is on, they would have to make sure they choose the username/password option.

[Robertght]

I just checked this and it looks like it was already fixed as I can see this on my end:

I'm going to close it but please open it again if needed.