hillslope

Origamifreak

Sorry, not code savvy. Do you paste the full code you have there into the plugin.php file for this wploginbox plugin?

Does it need to be before all functions, or just after the if user logged in function?

The default WordPress login page does not seem to cause this issue. It is only from a plugin that provides a different login theme. Maybe try installing 3.8 and see what happens if the plugin disabling does not change it.

Has taken me a while to find the cause, but for me it appears that the Redrokk login widget was the one for me. Others have found other plugins, and the only way is to disable plugins that do as manishbhatias has identified, then test the reset.

I wish I had seen your post first manishbhatias, would have made it a bit quicker to trace.

Search for previous support posts on this issue – might find other plugins causing the issue.

I am having the same problem on a site. Running 3.7.1 and my users are getting the expired link to reset the password. All updates are current, but this issue has only been reported since a recent update went through. I have notification emails about password resets the day before the update (28th), but none since.
I have tested this, and the same reset key is being supplied for all password reset attempts – different users, browsers – same result. So it appears the system is not creating new keys for resets- just sending the same old expired one.
Have deactivated all plugins that might work on password/user to test and it has made no difference.
Any other options? Have a site with a lot of users sending this issue.