Go to the Configure WAF page. There are a lot of features which may be in play. In the Hardening tab we have a few options which can get in the way of saving a user:
Warn about use of well-known passwords. If the password they chose is in a hacker's database they will not be allowed to save the form. Please note that this is by default limited to users with elevated privileges, see the "User groups to check for well-known passwords" option below it.
Disable password reset for specific User Groups will prevent resetting the password for the "User groups blocked from resetting the password" in the option below it (only visible when the former is set to Yes). By default, this feature is disabled.
Disable editing user properties will disallow editing any parameter of a user, including their password, if they belong to one of the "Disable editing user properties for these user groups" shown in the option below it (only visible when the former is set to Yes). By default, this feature is disabled.
Disable creating / editing users from the frontend will prevent creating new users, or changing the properties of users, if they belong in or would end up belonging in a group listed in the option "Disable creating / editing users in these groups from the frontend" shown below it (only visible when the former is set to Yes). By default, this feature is disabled. By default, this feature is disabled.
Prevent forgotten backend users from logging in would deny the login, not the password reset, if you have a user with backend access who has not logged into the site over a certain period of time configured below it. By default, this is set to Super Users only and 90 days.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
