How to add Wp_error using lostpassword_post hook when validating custom field?

As of WordPress 4.4, the action lostpassword_post passes the $errors object:

function wpse_185243_lastpassword_post( $errors ) {
    if ( ! $captcha_valid /* The result of your captcha */ ) {
        $errors->add( 'invalid_captcha', '<strong>ERROR:</strong> Try again sonny.' );
    }
}

add_action( 'lostpassword_post', 'wpse_185243_lastpassword_post' );

Pre 4.4 legacy answer

Here’s the relevant code you’re referring to (retrieve_password() in wp-login.php):

function retrieve_password() {
    $errors = new WP_Error();

    // Some error checking

    do_action( 'lostpassword_post' );

    if ( $errors->get_error_code() )
        return $errors;


    // Some more code

    /**
     * Filter whether to allow a password to be reset.
     *
     * @since 2.7.0
     *
     * @param bool true           Whether to allow the password to be reset. Default true.
     * @param int  $user_data->ID The ID of the user attempting to reset a password.
     */
    $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );

    if ( ! $allow )
        return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
    else if ( is_wp_error($allow) )
        return $allow;
}

As you say, there’s no way to get hold of $errors (it’s a local variable and is never passed to a filter/action – might be worth filing a feature request in a trac ticket).

However, it appears you can use allow_password_reset to return a new WP_Error, and WordPress will handle it in the same way as a core error:

function wpse_185243_lost_password_captcha( $result, $user_id ) {   
    if ( ! $captcha_valid /* The result of your captcha */ ) {
        $result = new WP_Error( 'invalid_captcha', '<strong>ERROR:</strong> Try again sonny.' );
    }

    return $result;
}

add_filter( 'allow_password_reset', 'wpse_185243_lost_password_captcha', 10, 2 );

Related Posts:

  1. How to change user password with wp-cli?
  2. wordpress redirect after password reset
  3. Loosen/disable password policy
  4. Password Protect Custom Page
  5. How can I change the default wordpress password hashing system to something custom?
  6. If I change the salt keys in my wp-config will all passwords break?
  7. Conditional to test if post has password protection enabled
  8. Bypass password protected posts via GET variable
  9. Check the password of a user
  10. Create a USERNAME and PASSWORD protected WordPress page
  11. Why do generated passwords start/end with spaces?
  12. Safe to store SMTP password in wp-config.php?
  13. Access code/password only restricts page access, no user registration..?
  14. Reseting admin password through PHPMyadmin fails
  15. Check Password Reset Key Not Woking
  16. Reset password – set minimum length for new password
  17. Forgot password not working
  18. wp_hash_password unexpected behaviour
  19. Password reset message – change the network_home_url( ‘/’ )
  20. Redirect a password protected page?
  21. WordPress: force users to change password on first login
  22. Can’t login to wordpress despite changing password to something known directly in MySQL or using “Password Reset by Email” feature
  23. Change default recovery link expiration time
  24. Lost password link redirects to my-account/lost-password/,how to fix it back to default lost password
  25. Password protect custom template
  26. Custom password generator for users
  27. Where is the reset password key stored/generated?
  28. Password protecting template, secured content not showing if even password is right
  29. How validate usernames/passwords against WP’s database?
  30. WordPress reset password returns invalid key
  31. Password reset bug? – “Sorry, that key does not appear to be valid”
  32. How to set minimum length and error message for password recovery?
  33. Why is resetting the WordPress Users password not working?
  34. post_password_required() not recognizing cookie set with correct password
  35. How Authentication in wordpress works? wp_authenticate_username_password()
  36. Password protect the site (without htaccess or membership)
  37. Password protection for page template
  38. Custom login form for front-end user as well as admin
  39. Enable Update button only when password is shown strong
  40. How to get user password before being encrypted outside the wordpress core once add a new user from dashboard?
  41. Adding parameters to password reset key
  42. wp_hash_password create a different hash everytime
  43. Custom password form allows unlock two posts with the same password
  44. How to change password
  45. Generating the password reset link automatically
  46. Password protect pages – allow more than one password
  47. Like to store multiple passwords in db table wp_posts field post_password?
  48. Send password to user instead of reset password link
  49. Protect Passwords in wp_users with stronger protection than MD5
  50. Custom form for password protected page
  51. How to check user’s password?
  52. What’s the algorithm to verify user password?
  53. How to change “Reset Password” text on submit button
  54. Customize retrieve password message
  55. How to recover password from a user
  56. WordPress admin creation through phpmyadmin not working
  57. Can’t alter $lostpassword_url
  58. current user’s password check
  59. How to initiate password reset flow by code
  60. Change password fields
  61. lostpassword_redirect filter is not used
  62. Password Protect or IP to access under development WordPress site otherwise shown a placeholder page
  63. Password protected sites
  64. Password-protected page redirecting to frontpage when I enter the password
  65. 2 accounts under same email preventing me from loging in
  66. Site only for users authenticated by different PHP application
  67. wordpress custom password change problem
  68. Allow all reset password links within the past 24 hours to be valid and accepted
  69. Set id and password for each post
  70. I have to reset the admin password each time
  71. Create Member who can’t be changed
  72. Automatically change the page password for more than one page
  73. Sending Reset Password email via Web API
  74. I can’t recover my password
  75. $expiration_duration = apply_filters( ‘password_reset_expiration’, DAY_IN_SECONDS );
  76. Cannot get function.php code to work to remove Lost Password link on live site
  77. Entering a WP site with a SMS code
  78. Problem with login / reset password links in users emails
  79. Lost Password redirect to My Account
  80. Multiple pages protected by different passwords. Possible to track multiple passwords at a time?
  81. How do I display the password field on the WordPress user registration screen?
  82. Not able to log for the first time on a salted WordPress by creating pwd on BD
  83. Custom page password recovery
  84. Password Protected Logout Button Not Working
  85. Can I use core passworded page/post functions outside of wp-login.php?
  86. Is it possible to display newly generated password after wp_generate_password()?
  87. Password protect wp-login.php
  88. How do I password protect a page of posts on WordPress?
  89. Revise my keyword but still cannot login
  90. WordPress not taking password and username
  91. Is it possible to have users register without having a password?
  92. Password Protection for posts and pages [duplicate]
  93. How WordPress hashes passwords
  94. Reset Password – change from name and email address. It stucks at admin. Want to change it to info
  95. WordPress reset password button not working
  96. check if post is set to “password protected”
  97. Why can’t I create an Application Password?
  98. FTP Password (not private key-value pair) for EC2 Instance
  99. How to Disable Pre-population of Password on Password Reset
  100. My WordPress password for admin account is changing automatically

Leave a Comment