Title: Password Reset Issues
Last modified: August 30, 2016

---

# Password Reset Issues

 *  Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/)
 * (@jfarthing84)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/password-reset-issues-3/)
 * This thread is meant to be the “goto” source for the current number one problem
   plaguing TML users – the password reset issue. There are a few known problems
   along with a few solutions that I will outline below.
 * **Password reset form is unusable**
    WordPress 4.3 changed the way that the password
   reset process is presented. Instead of typing the password twice, you are presented
   with a single field which has an auto-generated password already in it. You can
   manually change this to something of your liking, if you wish.
 * TML has not yet been updated to be compatible with this new experience. However,
   [TML 6.4 RC1](https://wordpress.org/support/topic/theme-my-login-64-release-candidate-1?replies=1)
   has just been released, which means that the official fix is right around the
   corner.
 * **Password reset always returns an invalid key error**
    Before WordPress 4.3,
   not sure exactly when, the password reset process was also changed. When you 
   reset your password, you get an email with a link to click to perform the actual
   reset. This link includes a secure reset key. The problem was, this key was passed
   around in the URL, potentially in the clear if not using SSL. So the WP developers
   changed the code to store the password reset key in a cookie when you fist click
   the link from your email. This is all fine and dandy.
 * The problem with this cookie method and TML arises when you either use a page
   caching plugin or are using a host who employs their own caching method, which
   is very common for WP specialized hosting. These hosts exclude `wp-login.php`
   from their caching system. However, as you know, TML takes this process and puts
   it into a regular WP page, which isn’t excluded from these types of caching systems.
 * The answer to this is actually quite simple. You either exclude the Reset Password
   page from your caching plugin or ask your host to do it.
 * [https://wordpress.org/plugins/theme-my-login/](https://wordpress.org/plugins/theme-my-login/)

Viewing 15 replies - 1 through 15 (of 77 total)

1 [2](https://wordpress.org/support/topic/password-reset-issues-3/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/password-reset-issues-3/page/3/?output_format=md)
[4](https://wordpress.org/support/topic/password-reset-issues-3/page/4/?output_format=md)
[5](https://wordpress.org/support/topic/password-reset-issues-3/page/5/?output_format=md)
[6](https://wordpress.org/support/topic/password-reset-issues-3/page/6/?output_format=md)
[→](https://wordpress.org/support/topic/password-reset-issues-3/page/2/?output_format=md)

 *  [Stephand](https://wordpress.org/support/users/stephand/)
 * (@stephand)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6541810)
 * Hello Jeff,
    after creating a new user, wordpress will propose a password and
   send an email with a link directed to the resetpass page. In this page, the user
   is proposed to create a password. When typing it in the relevant box, a second
   box is showing what the user is typing. Then once this is done, the user is requested
   to type the password on a 3rd box “Confirm new password” but here is the problem.
   Each character that is typed in the 3rd box will clear the 1st and the 2nd box
   with only one character. If I choose “password” as the password, I would then
   first type on the 3rd box “p” and that would replace “password” by “p” on the
   1st and the 2nd box. Then I would type “a” and that would would replace “p” by“
   a” on the 1st and the 2nd box… So I cannot have the same password on the three
   boxes and I am blocked. I hope I am clear enough. I am on WordPress 4.3 Thank
   you for your help, best regards, Stephan
 *  [Larry](https://wordpress.org/support/users/lkagan/)
 * (@lkagan)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6541841)
 * Using 6.4-RC1:
 * Chrome DevTools is open with “Disable cache (while DevTools is open)” option 
   selected and no caching plugin on the server.
 * The “Password reset always returns an invalid key error” issue still exists for
   me. Please let me know if I can provide more information. I can step through 
   the code via Xdebug if you have a specific variable or control flow you want 
   me to check.
 * Thanks.
 *  [kseniyasqo](https://wordpress.org/support/users/kseniyasqo/)
 * (@kseniyasqo)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6541930)
 * With TML 6.4 RC 1, but password reset form is still unusable – when I try to 
   type the password confirmation, the first field resets and I always get Passwords
   do not match error. Is this gonna be the final version?
 * Though, there is no key expired error.
 *  [Mike](https://wordpress.org/support/users/thewordpressdude/)
 * (@thewordpressdude)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6541951)
 * I installed the TML 6.4 RC1 update and it seems to work great with 4.3, and even
   4.3.1. I was able to reset my password and it all went well.
    Thanks, Mike
 *  [kseniyasqo](https://wordpress.org/support/users/kseniyasqo/)
 * (@kseniyasqo)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6541953)
 * Okay, I found the root of the issue, I had customized profile and password reset
   pages under my theme folder, they were taking over new TML beta pages.
    All looks
   to be fine! Thanks
 *  Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/)
 * (@jfarthing84)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6541970)
 * [@lkagan](https://wordpress.org/support/users/lkagan/) Using Chrome’s dev tools,
   look at the Network tab and make sure that “Preserve log” is checked. Directly
   copy/paste the reset link into the browser. The first request should issue a 
   redirect with a cookie attached to it. The second request should also contain
   that cookie. Start there.
 * P.S. The “Disable cache” option only disables your browser’s cache, not server
   side caching.
 *  [Chuck Reynolds](https://wordpress.org/support/users/ryno267/)
 * (@ryno267)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542009)
 * watching for updates
 *  [Matt](https://wordpress.org/support/users/matt_s_9/)
 * (@matt_s_9)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542025)
 * I have two similar (same theme) websites with TML. With both sites, I’ve updated
   to WP 4.3.1 and TML 6.4. On one site, everything is working great. On the site
   that uses SSL and W3 Total Cache, everything works except when resetting a password,
   it says key is invalid. W3 Total Cache is only caching static files and serving
   them from a CDN, so it’s not caching pages. Regardless, I deactivated it, but
   that didn’t solve the problem. I notice that when I click the lost password link,
   there’s a redirect that strips the query string and saves a cookie. The correct
   key and username/email is stored in the cookie. But the hidden fields “key” and“
   login” on the reset-password page are left blank. Since the only difference between
   the 2 sites is SSL, my guess is there is a problem reading the cookie when using
   https?
 *  [Stephand](https://wordpress.org/support/users/stephand/)
 * (@stephand)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542026)
 * hello all,
    as far as I was concerned, it looks like I had too many extensions
   working on (TML, SB Welcome Email Editor, WP Better Emails) I only kept TML and
   now it is working fine although my emails is not a nice as they were before but
   I can cope with this. So I am not sure the issue I had was related to TML. Best
   regards, Stephan
 *  [Matt](https://wordpress.org/support/users/matt_s_9/)
 * (@matt_s_9)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542027)
 * woops, nevermind. Like kseniyasqo found previously, those hidden fields on the
   reset pass form have been updated with 6.4, and when I include those changes (
   using the $GLOBALS variable) and rp_key in my template the key is valid and the
   password is reset! Thanks for the great plugin!
 *  [Jan Borms](https://wordpress.org/support/users/jborms/)
 * (@jborms)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542032)
 * Hi Jeff,
 * first at all, thanks for your work and time to develop this great plugin!
    Like
   some others, I have the “invalid key error”-issue. I contacted my hoster to remove
   pages form the server cache to try to solve the issue. They excluded /wp-content/
   plugins/theme-my-login/templates/resetpass-form.php but that does not solve the
   problem. Can you be more specific, which pages needs to be excluded?
 * Thanks in advance,
    Jan
 *  [fourwhitesocks](https://wordpress.org/support/users/fourwhitesocks/)
 * (@fourwhitesocks)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542035)
 * FYI: using WP 4.3.1. and TML 6.4
 * Ok thank you for the great plugin 🙂
 * I’m having similar issues, except with mine it’s saying “Your password reset 
   link appears to be invalid. Please request a new link” (even though they just
   did the reset link and are entering the correct auto-generated password), yet
   it actually is logging them in (giggle). Is it just getting redirected wrong 
   or something? It seems so close to working…
 * I’m thanking anyone that can help up front!
 *  [star_movie_02](https://wordpress.org/support/users/star_movie_02/)
 * (@star_movie_02)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542049)
 * Hi all,
 * Theme my login 6.4 has fixed the reset password invalid key error. But actually
   in the bad way, it show me new password below the password field.
    Does anyone
   meet this issue? How to fix it officially.
 * Thanks and regards!
 *  [fourwhitesocks](https://wordpress.org/support/users/fourwhitesocks/)
 * (@fourwhitesocks)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542051)
 * Ok i’m glad they fixed the invalid KEY error.
 * But…
 * What about what I was asking about in my post above, where it’s saying: “Your
   password RESET LINK appears to be invalid. Please request a new link” (even though
   they just did the reset link and are entering the correct auto-generated password)…
   I’m still getting this error.
 * Does anyone know about this issue?
 * Is the reset password invalid key error that star_movie_02 is mentioning the 
   same thing as the password reset link error that I’m getting??
 * Help lol 😉
 *  Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/)
 * (@jfarthing84)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/password-reset-issues-3/#post-6542053)
 * [@fourwhitesocks](https://wordpress.org/support/users/fourwhitesocks/) Are you
   using the Custom Redirection moule with referer setting by any chance?

Viewing 15 replies - 1 through 15 (of 77 total)

1 [2](https://wordpress.org/support/topic/password-reset-issues-3/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/password-reset-issues-3/page/3/?output_format=md)
[4](https://wordpress.org/support/topic/password-reset-issues-3/page/4/?output_format=md)
[5](https://wordpress.org/support/topic/password-reset-issues-3/page/5/?output_format=md)
[6](https://wordpress.org/support/topic/password-reset-issues-3/page/6/?output_format=md)
[→](https://wordpress.org/support/topic/password-reset-issues-3/page/2/?output_format=md)

The topic ‘Password Reset Issues’ is closed to new replies.

 * ![](https://ps.w.org/theme-my-login/assets/icon-256x256.png?rev=1891232)
 * [Theme My Login](https://wordpress.org/plugins/theme-my-login/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/theme-my-login/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/theme-my-login/)
 * [Active Topics](https://wordpress.org/support/plugin/theme-my-login/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/theme-my-login/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/theme-my-login/reviews/)

 * 77 replies
 * 34 participants
 * Last reply from: [tmh23](https://wordpress.org/support/users/tmh23/)
 * Last activity: [9 years, 10 months ago](https://wordpress.org/support/topic/password-reset-issues-3/page/6/#post-6542169)
 * Status: not a support question