Password reset is not allowed for this user

Check with your host and see what your permission settings are on the server. Depend on your server the problem could lay with them in the permissions on the box.

That’s where I would first check. If they don’t find any issue then I think you may benefit by providing a URL to view. Make sure you don’t have any security plugins enabled etc or list them, etc.

Hi,
We are on AWS so can check any permissions needed.. The directories are 755 with files 644 and it has www-data:www-data as the owner. Wordfence is currently running but I have disabled that and checked but still get the same error.

The website is https://www.eatickets.co.uk/my-account

Thanks

Are you running other sites in the root directory that are using WF or Clef or something? Can you check your htaccess file too? Somewhere your permissions are being blocked. Are you using a cache plugin? Cloudflare? You’ll have to empty that as well even though WF has been turned off.

I got a different error when after I registered and went to reset my password inside account. I got “Display name cannot be changed to email address due to privacy concern.”

Make sure you turn off any privacy plugins you may have enabled. And always try and turn all plugins off except for WooCommerce obviously. Then enable one at a time and see which one throws the error.

No other sites in the root and no Clef. Its running nginx so no htaccess file. No not using cloudflare or anyone for php/scripts. I only use AWS cloudfront for showing the saved image files only. I have double checked the file permissions..

I dont have any privacy plugins either… strange. It’s difficult turning all plugins off as I cannot put the site into maintance mode while I do it, as then I cannot test the password reset! I will have to try late night. Thanks

I hear ya. I hate turning them all off too. You could put the site in maintenance mode and troubleshoot. That way folks see a screen and not a downed site. I love having a local install or a staged site to solve issues like this.

I would suggest creating a local install and or a staged version of your site in a sub directory. Just be sure you monitor it as you do a live site.

When you mention “upgrading to WooCommerce”, do you mean that the problem started with 3.6.2? If not, it could be one of the general problems I list here.

Not sure when it started for sure, people have only said the last couple of weeks… I upgraded to 3.6.2 to see if it would fix it.. but no. I have looked at your great list. Of the 4 options: 1) not a multisite 2) Tick box in woocommerce for email is ok 3) I do not use Captcha.. 4) Happy to try the php code. Where do I put it??

Only thing that has come to mind, but this was 4+ weeks ago, could have been since then.. just thought customers would have said something, as see forgotten emails sent out most days. I now use Nginx instead of Apache with the SSL done through the load balancer and no ssl on the box. Thanks

I have found it… Not sure how or why or when?!?! But there was a line in the custom functions.php file that was disabling password reset! Thanks again for your help towards this.

Well thanks for posting about what fixed it, I’ll add that to my troubleshooting steps.

The line I found is below… have no idea how it got there.
Thanks,
Dean.

function disable_reset_lost_password() {return false;}add_filter( ‘allow_password_reset’, ‘disable_reset_lost_password’);

I found some old posts advocating putting that in for security reasons, so maybe that’s how it got there.