- This topic has 7 replies, 2 voices, and was last updated 4 years, 2 months ago by
.
-
Posts
-
I recently moved my site across to Generatepress. I’m having an issue when a user tries to reset their password.
When they clicked the password reset link, they receive an email with a bogus password reset link that looks like this: /wp-admin/users.php?action=rp&users=755&_wpnonce=a7901a7929&key=QtHj030gr1Ez6StHYyds&login=test
As a workaround, I added a code snippet to functions.php (via a Code Snippets plugin rather than directly modifying functions.php):
add_filter("retrieve_password_message", "mapp_custom_password_reset", 99, 4); function mapp_custom_password_reset($message, $key, $user_login, $user_data ) { $message = "Someone has requested a password reset for the following account: " . sprintf(__('%s'), $user_data->user_email) . " If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address: " . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n"; return $message; }This provides a clickable link in the password reset email, but when clicked, you get the error message “Your reset password key is invalid.”
Furthermore, when I send a user a password reset email from their user profile, they get the original bogus password reset link I posted above.
I suspect this all points to some sort of issue with the theme, as this functionality was working prior to moving across to GeneratePress. Any help would be greatly appreciated.
Customer Support
Hi there,
everything to do with passwords including reseting them is a core WordPress function – GeneratePress doesn’t interfere with that in any way.
Invalid Key errors are generally related to caching. Do you have any server side caching or plugin page caching ?
Hi David, thanks very much for the reply. And apologies if I’ve spammed the board with something unrelated to GeneratePress. Much appreciate your response.
I can confirm we don’t have any plugins related to caching.
However, we are hosted on WP Engine and use CloudFlare which both cache the site for us. So I’ve excluded the login and password reset pages from both the WP Engine and CloudFlare caches.
I’ve purged both caches and tested again, and we still have the same issue.
The reason I thought it must be related to GeneratePress is that this issue only arose when we switched to GeneratePress from our previous custom theme.
If you have any ideas, I’d love to hear them. Cheers.
Is it the default WP login form ? Or are you using any other method eg. woocommmerce, members site login ….
I’ve tried both.
I’m running a Paid Memberships Pro login form, but I’ve also tried setting it to the default WordPress login form, and I get the same behaviour.
If its affecting both then i would suspect its something odd at the server lever. Could be server caches, firewall, security mod. Have you spoken with WP Engine ?
A little – only to ask them to add the login pages to the cache exclusion list though. I did try explaining it the person I was chatting with, but they basically said they couldn’t see anything wrong and it was probably either the theme or a plugin. I’ll go back to them and see if I can speak to someone else.
Thanks for your advice
Yeah GP doesn’t get involved with that kinda thing. We don’t provide a template for the password_reset so its using the core one or the membership one for that.
Could be a WP Engine issue – someone else had a similar problem:
- You must be logged in to reply to this topic.
