Change default recovery link expiration time

I would think this would change it to a month: add_filter( ‘password_reset_expiration’, function( $expiration ) { return MONTH_IN_SECONDS; }); using the built-in MONTH_IN_SECONDS constant. For a quick testing: add_filter( ‘password_reset_expiration’, function( $expiration ) { return 60; // A minute });

Can’t login to wordpress despite changing password to something known directly in MySQL or using “Password Reset by Email” feature

WordPress does NOT use the MD5 hash for passwords anymore. It uses the PHPass library to generate secure password hashes. However, WordPress will support MD5 hashed passwords. On the first login of a user with such a password, it will detect that case and change the password entry to be the newer, more secure, PHPass … Read more

WordPress: force users to change password on first login

I’ve put together a quick plugin at https://github.com/lumpysimon/wp-force-password-change in response to your question and a recent client request for exactly the same thing. It adds a user meta field on registration, then checks for the presence of this when a user is logged in. If it’s not there, they are redirected to the edit profile … Read more

Redirect a password protected page?

Tom J Nowell confirmed what was happening. Inserting wp_redirect in a template causes the page either to partially load or not load at all. It needed to be placed before the opening <html> to work as it would load everything before </head> then stop.

Password reset message – change the network_home_url( ‘/’ )

Let’s check the Codex and follow the links to the source: 3029 function network_home_url( $path=””, $scheme = null ) { 3030 if ( ! is_multisite() ) 3031 return home_url($path, $scheme); 3032 3033 $current_site = get_current_site(); 3034 $orig_scheme = $scheme; 3035 3036 if ( ! in_array( $scheme, array( ‘http’, ‘https’, ‘relative’ ) ) ) 3037 $scheme … Read more

Forgot password not working

Probably you dont have any mail server installed/enabled (like sendmail/qmail/postfix) in your local machine. You can still reset your admin password from database. The table “wp_users” stores the password in the “user_pass” field You can just replace the value with a md5 hash value of your desired password for the admin user. Note: This is … Read more

Reset password – set minimum length for new password

You may want to use the validate_password_reset hook instead. Try add_action( ‘validate_password_reset’ , ‘se_password_min_length_check’ 10, 2 ); function se_password_min_length_check( $errors, $user){ if(strlen($_POST[‘pass1’]) < 8) $errors->add( ‘password_too_short’, ‘ERROR: password is too short.’ ); }