How to Stop Joomla Sending Passwords in Emails

How to Stop Joomla Sending Passwords in Emails

One of our members contacted us today and asked about web site security. They asked whether it was a good idea for Joomla to send passwords by email.

Our answer was "No!". You really should stop Joomla from sending passwords inside emails.

The image below shows a typical Joomla registration email, with the username and password included.

Joomla registration email

Here's why sending passwords by email is not recommended:

  • The email often is stored on several systems along the way to your mailbox.
  • The email often is stored on your computer in plain text or other unencrypted format
  • Even encrypted email can be broken in to, given enough computing time
  • Your account's security may have been compromised even before you read your email (changing the password will not help in this case)

So, here's how to disable the sending of passwords by email:

  • Go to Extensions > Manage.
  • Search for "User - Joomla!"

Joomla Passwords by Email

  • Make sure that "Notification Mail to User" is set to "No".
  • Save the plugin settings and you'll be done.

Joomla Notification Mail to User

If you are still getting passwords sent, it's possible that another extension is controlling the process. Check for user registration extensions such as Community Builder or JomSocial.