Remove plain text passwords from Joomla registration emails

Joomla CMS sends registration welcome emails with plain text passwords, which is not a great security practice.

To prevent this you can modify language file:
language/en-GB/en-GB.com_users.ini

Depending on your Joomla installation language en-GB bit may be different for you.

We are interested in two entries:
COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY
COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY

This is full text:

COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account click on the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the following username and password:\n\nUsername: %s\nPassword: %s"

COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be verified before you can use it.\nTo verify the account click on the following link or copy-paste it in your browser:\n %s \n\nAfter verification an administrator will be notified to activate your account. You'll receive a confirmation when it's done.\nOnce that account has been activated you may login to %s using the following username and password:\n\nUsername: %s\nPassword: %s"

In both cases password is passed by the last %s variable, so all we need to do is modify text so last %s is not included. For example, something like this:

COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account click on the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the username: %s and the password you entered during registration."

Tested on Joomla 2.5.6

Newsletter

Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait