Create user from admin sends change password URL in {user_password}

  • I am administering a WordPress website with WooCommerce and have an issue with new user account email templates.

    When creating a user account from the website frontend, the user receives an email with his username and password inserted in {user_login} and {user_password} – all is well.

    When creating the user (customer) account from the WordPress admin, an email is also sent to the user, but here the password inserted into {user_password} is a URL for the user to change the password – not the password.

    It looks very much like phishing/spam when the email says “Your password is: https://mysite.com/wp-login.php?action=rp&key=XXXXXXXXXXXXXXXXXXXXX&login=johndoe%40somesite.com“, so how can I fix this?

    It would be great if there were two different email templates, but it seems there isn’t…

    Any help would be much appreciated.

    ————————————————————————————-

    Hi johndoe,?

    Thanks for creating an account on mysite.com.

    Your username is johndoe.
    Your password is: https://mysite.com/wp-login.php?action=rp&key=XXXXXXXXXXXXXXXXXXXXX&login=johndoe%40somesite.com

    You can access your account area to view orders, change your password, and more at: 

    Go to your account

    We look forward to seeing you soon.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.