The WordPress Lost Password Email
We’ve all done it. Not being able to remember passwords is one of the most annoying things about having so many website accounts across the internet. Fortunately, browsers nowadays let you save usernames and passwords for most websites so you don’t have to worry about losing login information that much. However, it does still happen. If you allow user registration on your WordPress site, users will inevitably need to reset their password at some point.
WordPress provides a default password-reset process that involves the user entering their username or email into a form. Once the form is submitted, WordPress sends an email to the user with that username/password that contains a link to reset their password. Once reset, the user can log in using their new password. The thing is that the canned email for this purpose is rather plain. The bright side, though, is that, like most things, WordPress gives us a way to customize this email. The code below does the following:
- Changes the “From” email address. This would be the email any reply is sent to.
- Changes the “From” name. This shows the recipient who the email is from.
- Changes the email subject.
- Changes the content type of the email to HTML so we can use markup within the message. Before, it was a plain-text message.
- Creates a custom message to use in the email body. This process involves assembling a URL with appropriate query arguments so WordPress can do the password reset, and adding a custom message containing that link to reset the password. The only part you’ll change is the message at the bottom (leave the
$reset_urlas is).
This is very nice, thank you!
I was wondering: what if we want to send the password reset email not to ‘user_email’, but to an additional profile (email) field we’ve just created for pass recovery purposes? I can image a couple of cases where an additional email field would be appropriate in case of pass loss…
Cheers!
Hello,
I tried your script inside a mu-plugins folder, but it doesn’t seem to be sending e-mails when I use this with WordPress 4.5.1. Are you aware if this script is compatible with the newest WP?
Cheers
Yes, it should work just fine. Try using it as a normal plugin rather than a mu plugin.
Actually I am creating my own page how i can use this code in that page ..
Page contents one text box and button now how i can integrate this code with that ..
Very nice!!!
Hi Ren,
thanks soooooo much for this tutorial – it saved my life 😉
There is only one small thing – I happen to fail to print out the login_name into the mail. The original WP password recovery mail has the user login in it, which makes it more simple for users to fill out the following form. Unfortunately I have near to no php-knowledge and did not find the right syntax to print out the login_name, e.g. instead of the first name, which you have in your fine example (I think user_name ist not part of user_meta data, to start with…?).
Could you give a hint here?
This is a fantastic tut, kuods and thanks! I’m curious to know if you’re coming out with a similar tut on modifying similar elements within the new user system emails.
Works like a charms and clean code, I like that :)!
Thanks!
Glad to hear!
One question – the $user_fname parameter doesn’t seem to be working. I’ve tried adjusting it a bit and it won’t pull the first name. Any ideas what may be wrong?
Hey, Andrew. Yes, something was wrong! Thanks for bringing this up. I fixed the code, so it should work now. Let me know.
This is excellent. Thanks for sharing it. I ended up using it with some changes and the WP Better Emails plugin, which makes it look pretty great. I just had to remove the ‘wp_mail_content_type’ line so it didn’t override the WP Better Emails format.
Ren,
I was using this for a little while but it doesn’t appear to work in the latest version of WordPress. The email is still customized however when the user clicks the reset link in their email they are presented with an invalid reset link error. Is there an update to this? Cheers.
Hi, Marc. Thanks for letting me know. I believe the issue here would have started after WordPress 4.3, which introduced changes to the password reset functionality. Anyway, I updated the code to account for these changes, and to clean it up some. I tested it out, and it’s working for me. Give it a shot.
Hi,
Great hack but how to change the content type of the email to HTML only to Lost Password email.
Now it changes all the emails to HTML
I don’t believe this is possible unless you create a custom password recovery process. The lost password email sent by WordPress is not extendable as to the headers. This means that you can’t override its content-type without doing so globally.
hey man, thx a lot for the hack ;). I only need to know where to paste it in my code to make it work. I think is in the login.php but i’m not sure. It will be a blast if you could help me 😉
In your functions.php file or a custom plugin. You never want to add it to a core WordPress file because it’ll be erased when WP is updated.
just wondering what the $key variable is – where it comes from. I am trying to apply this to a custom plugin
When a user resets their password, WordPress creates a key that is used in the reset URL to validate the request. This value is saved to the $key variable.
https://developer.wordpress.org/reference/hooks/retrieve_password_message/
So I pasted this in my functions.php and it does appear to update the reset password email…. however after it is submitted I simply get a white page. Should it not redirect back to the login page or elsewhere?
The front-end behavior shouldn’t change – just the emails. A blank white page means an error is occurring. Could you enable WP_DEBUG in your wp-config.php file and let me know what the error says?
Awesome tutorial works like a charm.
Do you have any tutorial on how to change the link URL and custom page when the reset password is clicked? Currently it says “mywebsite.com/wp-login.php?action=rp”, I mean for security reasons so users will not know if the site is running on WordPress.
This also happened to be on “mywebsite.com/wp-login.php?action=lostpassword”, any tutorial for a custom page for lostpassword and changing the URL? wp-login.php can be an easy access for hackers right?
Any advice is greatly appreciated. Thanks!
Hi, Chris. Check out the following links:
https://codex.wordpress.org/Plugin_API/Filter_Reference/lostpassword_url
https://digwp.com/2010/12/login-register-password-code/
Hopefully they’ll get you where you need. Let me know!
Thanks for the response, though I think the one from digwp is outdated.
By the way a request, can you add a search box somewhere in this site =)
Hey, Chris. With over 100 posts, I suppose a search form might be a good addition. You’re actually the second person I’ve had suggest that recently. I’ll look into and add one in the near future. Thanks for the suggestion. 🙂
Thats great… but where do we place this code??
Hello, Sean. Read the comment instructions box below for this information.