The site’s original developer was using the reset_password_message filter and had either done it incorrectly or the core code has changed. The following function now works:
function reset_password_message( $message, $key ) {
if ( strpos($_POST['user_login'], '@') ) {
$user_data = get_user_by('email', trim($_POST['user_login']));
} else {
$login = trim($_POST['user_login']);
$user_data = get_user_by('login', $login);
}
$user_login = $user_data->user_login;
$msg = __('The password for the following account has been requested to be reset:'). "\r\n\r\n";
$msg .= network_site_url() . "\r\n\r\n";
$msg .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
$msg .= __('If this message was sent in error, please ignore this email.') . "\r\n\r\n";
$msg .= __('To reset your password, visit the following address:');
$msg .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
return $msg;
}
add_filter('retrieve_password_message', reset_password_message, null, 2);