Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#28316 closed defect (bug) (fixed)

Resetting Password via wp_set_password in functions.php creates reset loop

Reported by: ipstenu's profile Ipstenu Owned by:
Milestone: 4.0 Priority: normal
Severity: normal Version: 3.8
Component: Login and Registration Keywords:
Focuses: docs, administration Cc:


This is an extreme edge case, but here's the story.

One of the directions on resetting your passwords involves using wp_set_password():

The wp_set_password part works great, user added it to functions.php, password was reset. The PROBLEM is that they couldn't log in.

  1. After you then are able to login, make sure to go back and remove that code.

It will reset your password on every page load until you do.

The password was resetting on every page load, which meant they'd log in, the password would reset, and they'd be logged out and sent back to the login page with no error message. You just got a loop. The fix was to set the password in functions, refresh a page, DELETE that line, and go back in.

I believe this is related to changes made in how we allow for in-line logins on wp-admin, as when I tested by being logged in and changing the password via wp_set_password and also in the DB. When I did that, I was prompted by WP to log in again.

Change History (5)

#1 @SergeyBiryukov
9 years ago

The fix was to set the password in functions, refresh a page, DELETE that line, and go back in.

I think we should just update the Codex page to suggest this instead of trying to log in without removing the code.

#2 @SergeyBiryukov
9 years ago

  • Focuses docs added
  • Keywords needs-codex added

#3 @DrewAPicture
9 years ago

In 29461:

Improve the wp_set_password() PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file.

See #28316.

#4 @DrewAPicture
9 years ago

  • Keywords needs-codex removed
  • Milestone changed from Awaiting Review to 4.0
  • Resolution set to fixed
  • Status changed from new to closed

Updated the Codex:

Also preempted the inevitable adding of a note to the PHPDoc when the Codex page is redirected in [29461].

#5 @DrewAPicture
9 years ago

In 29462:

s/does/does not in wp_set_password() docblock.

See [29461]. See #28316.

Note: See TracTickets for help on using tickets.