Support » Fixing WordPress » What should the url for password reset look like

  • A contributor is getting many password reset emails.
    The url looks like it is coming from WordPress, but I am unclear as to what that url should look like.
    Also unclear on what to do to prevent this?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    If he’s not requesting them, it means either (1) someone else who has their login wrong is requesting them (so you might want to look at similar user ids and ask) or (2) someone’s trying to hack, in which case you can ignore them.

    Wordfence can also be used to set a limit on the number of such requests in a given time period.

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Sorry… forgot this:

    The url is like

    <http://example.com/wp-login.php?action=rp&key=somelongkeyhere&login=theIDhere>

    Thanks Steve, what about the email to the user:
    she is getting this

    Forwarded message ———
    From: WordPress
    <wordpress at b28 dot us>

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    The email will come from wordpress@yourdomain.com

    So if it not coming from there.. as it states above, is there anything I can do to stop it?

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    If it’s not being sent by your site, you can’t do anything about it — except flag it as spam so your email starts learning that it’s to be ignored.

    Thanks Steven, I appreciate the help..bit of brain fog here today. LOL

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘What should the url for password reset look like’ is closed to new replies.