bp_core_filter_blog_welcome_email( string $welcome_email, int $blog_id, int $user_id, string $password )

Replace the generated password in the welcome email with ‘[User Set]’.


On a standard BP installation, users who register themselves also set their own passwords. Therefore there is no need for the insecure practice of emailing the plaintext password to the user in the welcome email.

This filter will not fire when a user is registered by the site admin.



(string) (Required) Complete email passed through WordPress.


(int) (Required) ID of the blog user is joining.


(int) (Required) ID of the user joining.


(string) (Required) Password of user.


(string) Filtered $welcome_email with $password replaced by '[User Set]'.


File: bp-core/bp-core-filters.php

function bp_core_filter_blog_welcome_email( $welcome_email, $blog_id, $user_id, $password ) {

	// Don't touch the email when a user is registered by the site admin.
	if ( ( is_admin() || is_network_admin() ) && buddypress()->members->admin->signups_page != get_current_screen()->id ) {
		return $welcome_email;

	// Don't touch the email if we don't have a custom registration template.
	if ( ! bp_has_custom_signup_page() )
		return $welcome_email;

	// [User Set] Replaces $password in welcome email; Represents value set by user
	return str_replace( $password, __( '[User Set]', 'buddyboss' ), $welcome_email );


Version Description
BuddyPress 1.2.1 Introduced.


We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.