How to Stop Joomla Sending Passwords in Emails

: Written by Steve Burge Steve Burge; Published: 18 January 2019 18 January 2019

One of our members contacted us today and asked about web site security. They asked whether it was a good idea for Joomla to send passwords by email.

Our answer was "No!". You really should stop Joomla from sending passwords inside emails.

The image below shows a typical Joomla registration email, with the username and password included.

Joomla registration email

Here's why sending passwords by email is not recommended:

The email often is stored on several systems along the way to your mailbox.
The email often is stored on your computer in plain text or other unencrypted format
Even encrypted email can be broken in to, given enough computing time
Your account's security may have been compromised even before you read your email (changing the password will not help in this case)

So, here's how to disable the sending of passwords by email:

Go to Extensions > Manage.
Search for "User - Joomla!"

Joomla Passwords by Email

Make sure that "Notification Mail to User" is set to "No".
Save the plugin settings and you'll be done.

If you are still getting passwords sent, it's possible that another extension is controlling the process. Check for user registration extensions such as Community Builder or JomSocial.

Join Joomlashack

Get all our extensions for one low price. It's the best deal in Joomla!

Join Joomlashack today!

Please share our posts

You are welcome to translate, re-use and modify any Joomlashack post.

All we ask is that you link back to our original tutorial and that you don't use them commercially.

Full license details.

The Joomlashack Blog

How to Stop Joomla Sending Passwords in Emails