
On this page you can configure how Next ADI handles passwords to keep your users' credentials safe.

Password options of Next ADI

Password

Set local password on first successful login

The first time a user logs on to WordPress, their local password is set to the password they used to authenticate against the Active Directory. If this option is deactivated, a random password is set for this user. This option only works if User > Automatic user creation is enabled.

Please note: Enabling this option increases the attack surface of your WordPress instance. Passwords are no longer stored only inside the Active Directory; they are also stored in the WordPress database. Although we encrypt the passwords, a brute-force attack could crack them if your WordPress database is compromised.

Allow local password changes

Enabling this option allows users to change their local WordPress password. This option has no effect on the Active Directory password. Local passwords will never be synchronized back to the Active Directory.

Fallback to local password

If this option is enabled, users who fail to authenticate against Active Directory can still authenticate against the local WordPress password check. This might be a security risk if, for example, the local password is outdated. We recommend disabling this option.

Automatic password update

This option updates the local password every time a user successfully logs in. If a user has changed their Active Directory password and successfully authenticates against Active Directory while logging in to WordPress, their local WordPress password is set to the new Active Directory password.

Note: Activating this option makes little sense if Allow local password changes is enabled. It works only if User > Automatic user creation and User > Automatic user synchronization are enabled.

Enable lost password recovery

Turning this option on allows users to reset their local password on the login screen. The Active Directory password can never be recovered.
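
The following added example is not Next ADI code. It is a simplified Python model of the login decision described above, showing how Set local password on first successful login, Fallback to local password and Automatic password update interact after an Active Directory password change. All class, function and option names are hypothetical, the account is constructed, and automatic user creation and synchronization are assumed to be enabled.

```python
import hashlib, hmac, os

# Simplified model of the login decision described above. All names are
# hypothetical; the PBKDF2 hash is a stand-in for the WordPress password hash.

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Site:
    def __init__(self, directory, set_local_password=False,
                 fallback_to_local=False, auto_password_update=False):
        self.directory = directory      # username -> current AD password (constructed)
        self.local = {}                 # username -> (salt, hash), the WordPress DB
        self.set_local_password = set_local_password
        self.fallback_to_local = fallback_to_local
        self.auto_password_update = auto_password_update

    def _store(self, user, password):
        salt = os.urandom(16)
        self.local[user] = (salt, _hash(password, salt))

    def login(self, user, password):
        """Return 'ad' or 'local' for the check that accepted, else None."""
        ad_pw = self.directory.get(user)
        if ad_pw is not None and hmac.compare_digest(ad_pw.encode(), password.encode()):
            if user not in self.local:
                # First login: copy the AD password, or set a random local one.
                self._store(user, password if self.set_local_password
                            else os.urandom(32).hex())
            elif self.auto_password_update:
                self._store(user, password)
            return "ad"
        if self.fallback_to_local and user in self.local:
            salt, digest = self.local[user]
            if hmac.compare_digest(digest, _hash(password, salt)):
                return "local"
        return None

def old_password_after_change(relogin=False, **options):
    """Log in once, change the AD password, then try the old password."""
    directory = {"alice": "Winter-2023!"}             # constructed sample account
    site = Site(directory, **options)
    site.login("alice", "Winter-2023!")
    directory["alice"] = "Spring-2024!"               # password changed in AD
    if relogin:
        site.login("alice", "Spring-2024!")           # successful AD login in between
    return site.login("alice", "Winter-2023!")
```

In this model the old password is accepted locally only when both the local copy and the fallback are enabled, and it stays valid until a successful Active Directory login with Automatic password update overwrites it.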