The page at /resetpass is still being cached. On top of that, it isn’t working correctly as /resetpass should only work with a key. Have you set up a custom page for the action?
Sorry, yes, custom URLs are being used, and these are the URLs I requested to be excluded from cache:
/investor-area/login/
/investor-area/lost-password/
/investor-area/password-reset/
Is that correct, or do I need to exclude the plugins default URLs as well?
Thanks for your help!
Visiting /investor-area/resetpass redirects to /resetpass…
Okay, there was a legacy page that needed to be removed. That URL comes up as 404 now and the /investor-area/lost-password/ process still returns an invalid key error.
What should I look at next?
Could you possibly give me test credentials? jeff [at] jfarthing [dot] com.
Okay, you’re set up and should receive an email with credentials. Let me know if you need anything else.
Thanks!
You have actually found a bug that will be fixed with the next release.
Could you possibly list or screenshot all of the plugins you are using?
Uh oh π Any ideas on the updated plugin release date and/or a patch I can implement or help with?
Here are the plugins being used:
Admin Bar Disabler // ver. 1.4
Advanced Custom Fields // ver. 5.7.7
Advanced Custom Fields: Gallery Field // ver. 2.1.0
Advanced Custom Fields: Repeater Field // ver. 2.1.0
Configure Login Timeout // ver. 1.0
Dev Plugin // ver. 1.0 // *proprietary
Gravity Forms // ver. 2.0.4
Gravity Forms User Registration Add-On // ver. 3.3
Hide Update Reminder Message // ver. 1.0
MyFontsWebfontsKit #3244669 // ver. 0.1
SB Welcome Email Editor // ver. 4.8
Simple Section Navigation Widget // ver. 2.1
Taxonomy Images // ver. 0.9.6
Theme My Login // ver. 7.0.11
TM Replace Howdy // ver. 1.4.2
WP Show IDs // ver. 110709
WP User Login Notifier // ver. 1.0.3
* the proprietary plugin, you have admin access so you can view its code via the admin plugin editor if needed or I can email you the plugin files directly.
Also, these wp engine installed plugins:
Force Strong Passwords – WPE Edition // Version 1.6.4
Stop long comments // Version 0.0.4
WP Engine System // Version 3.2.1
advanced-cache.php
install.php
Any chance you might be able to give me temporary file level access? If so, send info to the same email as before.
I’m trying to figure out why your password reset emails are using the URL of /login?action=rp instead of /resetpass, as it should.
I know in /plugins/theme-my-login/includes/compat.php it uses /login?action=rp on line 91.
Does it work correctly if you disable “SB Welcome Email Editor”?
Yep, there is the issue…
The SB Welcome Email Editor plugin uses a shortcode of [reset_url] in the email template that creates the link. Deactivating the plugin allows TMLs link to be used.
Any thoughts on a quick fix/patch?
