cartoonsmart2

Yeah I go through this every time WP changes the wp-login.php file. Here’s my notes. Download the wp-login.php file (Duplicate it, just in case). Then find this line….

$message .= ‘<‘ . network_site_url( “wp-login.php?action=rp&key=$key&login=” . rawurlencode( $user_login ), ‘login’ ) . “>\r\n”;

And remove the < and > So it should now be this…

$message .= ‘ ‘ . network_site_url(“wp-login.php?action=rp&key=$key&login=” . rawurlencode($user_login), ‘login’) . “\r\n”;

Replace the wp-login.php.

If you aren’t a PHP guru, removing those greater than and less than symbols won’t affect the PHP code at all. These symbols are printed out to the user when they see the screen that says “To reset your password, visit the following address:” The inclusion of those symbols makes it a bad link and they can’t visit the address.

And yeah, to follow up with what Sharon said I don’t understand how this error has been overlooked for so long.

• This reply was modified 6 years, 12 months ago by cartoonsmart2.

Thanks TrueThemes!

Glad to know it won’t be the apocalypse!

I’m curious too. All of our site’s images are hosted on S3 to take the delivery weight off our server. I’m guessing most people that use this plugin are doing the same for their WordPress sites.

It seems like only the client (person browsing from an old unpatched for POODLE browser) would be affected and possibly not see images.

I’m curious about this too. One of the articles linked up said “less than 0.09% of their visitors still rely on SSLv3” …So I would assume unless you are among that small percentage you are okay. I use S3 to host all the images on my site and take the weight off delivering those myself. So are 0.09% of visitors not going to see those images?

Also I’m guessing this only affects links with “https” (vs just “http”). Anyone less clueless want to chime in?