Need to enable "password reset" for users without resetting *all* of them

  • Before you read further, please note that:

    1) I have admin access to the dashboard.
    2) I can manually reset user passwords.
    3) I have not lost my admin password.
    4) Logins are working just fine.
    5) Though I’m using multiuser (multisite), I’ve actually only got one site.

    Here’s my issue. I manage a WordPress MU v2.8.6 site for a client. I inherited it recently, and it contains many customizations in a theme that cannot easily be updated. I have twenty thousand users who are successfully accessing the site.

    Right now, I’ve got a few hundred users who have lost their original passwords and need password resets, and the automatic password reset function (for lack of a better description) is not working. I can manually reset each of them, but this is beyond time-consuming. I’ve looked all over the dashboard, and have found no place where I can unilaterally allow (or deny) password resets.

    I looked a bit in the back end code (I’ve very little experience with PHP), but can’t find a place where password resets are allowed or denied.

    Please also note that, because of the cloud implementation that I have, uploading a fix to the site is tricky as well, and needs to be synchronized across multiple instances, so a random “try this” hack might deny access to thousands of users at once. Anyone know *for sure* where this password reset option is configured? Furthermore, any suggestions for how I can fix it since it’s broken?

    Much obliged for any assistance! (And if this has been covered in another post, please feel free to point me to it.)

Viewing 10 replies - 1 through 10 (of 10 total)

  • You can’t pick and choose, and you can’t find it becasue there is no such setting.

    If it’s not working, how is it not working? There is no built in setting to turn it off, so it’s likely you have a plugin that is interfering, or something on the server is interfering.

    I manage a WordPress MU v2.8.6 site for a client. I inherited it recently, and it contains many customizations in a theme that cannot easily be updated.

    There were very little changes that are theme dependent between that version and 3.0.1. you’re back far enough now, you really should plan on upgrading (stick in in the schedule and just do it) and you’ll have to do it manually. Pick a time when there is the least amount of traffic.

    Your theme itself will not break on upgrading.

    Thread Starter ubergeeke

    (@ubergeeke)

    Thanks for responding. It’s *very* much appreciated.

    On the blog’s home page, there’s a “sign in” link, which when clicked leads to a pop-up (actually, a “slide down” more than a “pop up”) login window. Just below the username and password fields is a “Forgot password” link, which when clicked leads to a pop-up (slide down) window asking for an email address.

    This box is the one that’s broken, I think. No matter what email address is entered, the text turns red and nothing else happens. I’m not sure if this is something that is a default WordPress setting, or a customized interface from the vendor who built the site. (Did I mention I inherited its management?)

    At this point, we’re manually resetting user passwords. What I’d like to do is somehow fix this “forgot password” function. Furthermore, I’m not sure what could be interfering – though it makes sense that it must be a plugin or some back-end config. Perhaps I should take a look at some of the PHP files associated with logins? If so, which ones?

    Sidenote: A manual update means considerable downtime, though you’re right that it must be done. I may need to wait a couple of months for a lag – we’re in a peak season at the moment and a manual update will require several instance synchronization steps in our cloud config which would translate to hours down rather than just minutes. (Hopefully that makes sense.)

    The link on your front page is custom, not built in to WordPress. here’s hpow to check if it’s WordPress or the code on that page:

    Go to yoursite.com/wp-login.php
    Click the “forgot password” link.

    It’s not in any of the core files. Please test this default link first. It’s likely how it’s coded on your front page (which should be in the theme files) or it was done via a plugin. you’ll have to narrow that down.

    If you give me a link to you url, that makes things way easier for me. ??

    Sidenote: yeah, been there. ?? Don’t wanna see you get hacked. Do the jump to 2.9.2 first, wait a couple weeks, then the jump to 3.0.1.
    (I do this for a living sometimes ?? )

    Thread Starter ubergeeke

    (@ubergeeke)

    Ah-hah! Things to try! Nothing makes this geek happier than actual to-do steps!

    Ok, went to https://www.mysite.com/wp-login.php

    Clicked on “Forgot password” link. Here’s path of link:
    https://www.mysite.com/wp-login.php?action=lostpassword

    Received this error:

    The e-mail could not be sent.
    Possible reason: your host may have disabled the mail() function…

    Sidenote continued: upgrade scheduled!

    I will also happily email you the site address. (In fact, will do so immediately.) Needless to say, since it requires updating, I don’t want to post the URL here as a big fat invitation.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Possible reason: your host may have disabled the mail() function…

    Ugh. Yeah, without that turned on… Grab your host (or tech) and ask them. If it’s a local tech, hold up a twinkie while you ask ??

    Thread Starter ubergeeke

    (@ubergeeke)

    (cough.) I *am* the tech. And evidently, I now need to know how to *enable* the mail() function.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    *waggles Twinkie?*

    It’s a php function: https://php.net/manual/en/function.mail.php

    Oooo fun times! ?? Someone dumped you in the deep end of the pool… yeah, enabling the mail function on the server is going to be fun.

    Does it email you when a comment is in moderation? (probably not, as it uses the same function)

    So…. they pretty much got you to be in charge of the server?

    Thread Starter ubergeeke

    (@ubergeeke)

    I’ve done systems and network administration for about fifteen years. A friend needed a favor…which led to me being in the deep end of the PHP pool.

    I’ve been a WordPress user for about three years, but haven’t had to tweak much on the back end since it works so well out-of-the-box. Inheriting a significantly-modified implementation has been…interesting.

    No, comment emails aren’t working either. And neither is our “contact us” form.

    I’m a bit confused about what to do/try next. Add function.mail.php to the root directory? Enable a particular setting within a specific PHP file? Comb my existing phpmailer.php and forget-password.php files for settings that might work?

    And thanks again for responding.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    It’s not a WordPress thing, it’s your server.

    https://articles.sitepoint.com/article/advanced-email-php

    Read the part starting at

    Before we can send email with PHP, we need to set it up to do so, just as you need to set up your email program before it can send messages. Configuration for sending email in PHP is done with the php.ini file, so open up your Web server’s php.ini in whichever editor you normally use.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Need to enable "password reset" for users without resetting *all* of them’ is closed to new replies.