Articles of lost password

I don't understand why I should use lostpassword_url hook?

Look into my comment in the code below: // WHY can I not just do this? class Customuser { public function __construct() { // Using this when using lost password functionality add_filter("lostpassword_url", array( $this, 'lostyourpasswordpage') ); $html .= '<a href="' . wp_lostpassword_url( get_bloginfo('url') ) . '">Forgot?</a>'; echo $html; // WHY can I not just do […]

Remove lost password form and URL

I’ve shut down password resets for all users. I now need to prevent /wp-login.php?action=lostpassword from doing anything should anyone manually input the URL into their browser. i.e. I don’t want the password reset form to show. Can I disable the action that’s being passed by the URL or can I redirect /wp-login.php?action=lostpassword to /wp-login.php?

How to change/rewrite the lost password url?

I used iThemes Security (formerly Better WP Security) hide back-end functionality to change the login url to /signin, however clicking the lost password link /wp-login.php?action=lostpassword now generates a 404. Manually going to /signin?action=lostpassword works. I came across the following code below which is supposed to make the change to however after some testing it doesn’t […]

Disable WordPress password reset via mails, instead notify admin about the reset request

How can I disable password resets via mail and notify the admin via mail about the password reset request the user has made so that he can reset it manually? So what I’m looking here, the user enters his username/email id in the lost reset form, now here instead of a password reset link being mailed to […]

Password reset bug? – “Sorry, that key does not appear to be valid”

Recently my WordPress website’s reset password function has started to not work. When a user clicks the link that the ‘forgot your password?’ link sends out, it displays the error “Sorry, that key does not appear to be valid.”. I searched through some internet forums and this seems like a well-known issue, yet there is […]

Reset Password – change from name and email address

When the password reset goes out, the name is ‘WordPress’ and the from address is wordpress@domain.com. I need to change these to the company name. I’m running WordPress 3.8 multisite and have done the following: updated general settings name and email address for the subsite; installed ‘WP Change Email’ plugin and updated the details. However, […]

Is the “lost password” feature truly a vulnerability?

Disabling Password Resets: I’ve come across numerous security hardening articles relating to various measures for disabling password resets (i.e. lost password retrieval). https://www.google.com/search?q=wordpress+disable+lost+password SQL Injection: I’ve read that SQL injection can be used to obtain the user email etc. and ultimately to gain control of the site by intercepting the password reset email is automatically […]

User password field is empty

Note: actually, the described situation is on a local environment. I’d like to know what happens if it goes live with this setting. I’ve installed a plugin and it has reset all the passwords in the WP database, so now all passwords for existing users are empty. I’ve generated a new password for my personal […]

How to apply the “retrieve_password_message” filter?

I would like to change the body of the password reset email that WP sends out with something more friendly. I am trying to use the “retrieve_password_message” filter but I am messing it up. Can someone kindly post a sample code?

Customizing lost password email

I need to change the default email text that will be sent to recover the password. I have already changed the mail of activation in multisite: // Start changing email body function myprefix_change_activation_email_body ($old_body, $domain, $path, $title, $user, $user_email, $key, $meta) { $my_message .= "\n\nhello {$user} ,welcome to {$domain} !\n\n"; // … other stuff return […]