Password Reset broken after update!
-
After I updated Ultimate Member to the newest version today my users told me that the password reset function is broken. There are several problems with it.
- My mail-template for the password reset is not used, instead of the HTML-Mail I get the default WordPress password reset E-Mail
- If the user clicks on the link he gets redirected to the default password reset page of WordPress instead of the one from Ultimate Member. Example: https://www.myWebsite.de/wp-login.php?action=rp&key=lk8Pj0GC8oG8dkPixC14&login=Username&itsec-hb-token=wp-login&wp_lang=de_DE
- That does not work, because my security plugin renamed this page. Therefore the user lands on an error page. I guess many security plugins do this by default and when I revert the renaming my wp-login.php gets constantly “attacked”.^^
When I remember right before the update Ultimate Member used it’s own password reset page which was also way more userfriendly.
-
I found a temporary workaround to revive the UM-password-reset function. If I add the following to my function.php:
// Set the email content type to HTML add_filter( 'wp_mail_content_type', function( $content_type ) { return "text/html"; }); // Change the password reset email add_filter( 'retrieve_password_message', 'custom_retrieve_password_message', 10, 4 ); function custom_retrieve_password_message( $message, $key, $user_login, $user_data ) { $reset_link = network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login'); // Start with your custom message text $message = '<div style="max-width: 560px; padding: 20px; background: #ffffff; border-radius: 5px; margin: 40px auto; font-family: Open Sans,Helvetica,Arial; font-size: 15px; color: #666;">'; $message .= '<div style="color: #444444; font-weight: normal;"><div style="text-align: center; font-weight: 600; font-size: 26px; padding: 10px 0; border-bottom: solid 3px #eeeeee;">' . get_bloginfo('name') . '</div>'; $message .= '<div style="clear: both;"> </div></div>'; $message .= '<div style="padding: 0 30px 30px 30px; border-bottom: 3px solid #eeeeee;">'; $message .= '<div style="padding: 30px 0; font-size: 24px; text-align: center; line-height: 40px;">Someone requested a password reset for the following account:</div>'; $message .= '<div style="padding: 10px 0 50px 0; text-align: center;"><a style="background: #555555; color: #fff; padding: 12px 30px; text-decoration: none; border-radius: 3px; letter-spacing: 0.3px;" href="' . $reset_link . '">Reset Your Password</a></div>'; $message .= '<div style="padding: 15px; background: #eee; border-radius: 3px; text-align: center;">If you did not make this request, you can ignore this email <a style="color: #3ba1da; text-decoration: none;" href="mailto:' . get_option( 'admin_email' ) . '">or let us know</a>.</div></div>'; $message .= '<div style="color: #999; padding: 20px 30px;"><div>Best Regards</div><div>Your Name</div><div> </div><div><a href="' . site_url() . '" target="_blank" rel="noopener">Your Website</a><br />' . get_option( 'admin_email' ) . '</div></div></div>'; return $message; }For some reason the resulting link in the mail then does not really point to the wp-login.php but to the default UM-password-reset again and works. Of course you have to replace the message and placeholders for your needs. But I hope soon I can remove this filter again, when it is fixed.
Edit: Something strange happend now. The password reset works again, without the hook… I am not sure, what happened here.
- The topic ‘Password Reset broken after update!’ is closed to new replies.
