Thank you digiman1 for reporting the issue.
I just tried it out and it works fine:
– I receive the link http://domain.com/resetpass?key=2rZs0&login=MyUser
– click!
– then I’m redirected to http://domain.com/resetpass, where I can set my new password.
Can you tell me more about your WordPress installation? Version, multisite… Some wild plugins toying with redirections, security?…
Another strange thing is you are redirected to http://domain.com/wp-login.php?action=lostpassword&error=invalidkey instead of http://domain.com/lostpassword?error=invalidkey
Can you check if your .htaccess file is writable and contains the rules for the plugin? (I think it does)
Thanks
Hi, thanks for the quick response!
Yes, I think something is odd in this install – I just tried a different site that also uses the plugin and the password recover works as expected.
This *is* on a WPEngine managed WP install, so they do have their own security going on, although nothing that I can see that’s problematic. My htaccess does have the right rules, and there’s nothing else working with redirections…
And, I find the final-redirect-to-/wp-login.php behavior odd as well… it bounces there *after* a quick stop at /lostpassword/
Anyway, on this managed server, I’m a little less worried about brute-force and other attacks, but moreover I only have a few folks that *need* to log in to the site, so password recovery really isn’t a big “must-have”.
I’ll keep experimenting, and if I come up with useful info to share, I’ll do so.
Thanks again for the response!
Thanks.
I haven’t tried with WPEngine indeed, so I don’t know what it does on the login page.
If some day you have the occasion, maybe you can try to recover a password when Move Login is deactivated, and see if there’s something special in the URL.
Thanks for the info.
Greg
Version 2.1 is out, I think it will fix your issue.
OK, 3 months, I mark the topic as closed. Please open a new thread if the problem persists.
