We’ve just found an issue with the formatting and link included in password reset emails. We've narrowed it down to the wpMandrill plugin as deactivating solves the issue described below.
Email comes in like this:
(username edited to protect the innocent)
Someone requested that the password be reset for the following account: http://ourwebsite.com/ Username: testuser If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address: /ourwebsite.com/wp-login.php?action=rp&key=2C4WNkhEGno3AVQhVqeX&login=testuser>
Notice the lack of line breaks and also that the “http:/” is missing from the front and that there is a “>” symbol at the end.
When clicking this link, it goes to a 404 (not surprising). If you add the “http:/” and remove the “>”, it works as expected taking the user to the password reset page.