What should the url for password reset look like

  • A contributor is getting many password reset emails.
    The url looks like it is coming from WordPress, but I am unclear as to what that url should look like.
    Also unclear on what to do to prevent this?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If he’s not requesting them, it means either (1) someone else who has their login wrong is requesting them (so you might want to look at similar user ids and ask) or (2) someone’s trying to hack, in which case you can ignore them.

    Wordfence can also be used to set a limit on the number of such requests in a given time period.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Sorry… forgot this:

    The url is like

    <https://example.com/wp-login.php?action=rp&key=somelongkeyhere&login=theIDhere>

    Thread Starter dragonsjaw

    (@dragonsjaw)

    Thanks Steve, what about the email to the user:
    she is getting this

    Forwarded message ———
    From: WordPress
    <wordpress at b28 dot us>

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    The email will come from [email protected]

    Thread Starter dragonsjaw

    (@dragonsjaw)

    So if it not coming from there.. as it states above, is there anything I can do to stop it?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If it’s not being sent by your site, you can’t do anything about it — except flag it as spam so your email starts learning that it’s to be ignored.

    Thread Starter dragonsjaw

    (@dragonsjaw)

    Thanks Steven, I appreciate the help..bit of brain fog here today. LOL

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘What should the url for password reset look like’ is closed to new replies.