[wp-hackers] reset &send user pass

Jared Bangs jaredbangs at gmail.com
Thu Feb 25 23:43:41 UTC 2010

On Thu, Feb 25, 2010 at 3:20 PM, Jeremy Visser <jeremy at visser.name> wrote:
> On 26/02/10 06:20, michael at mfields.org wrote:
>> K, As far as I know there is no way to accomplish this. The password
>> has been stored with one way encryption.
> Pretty sure that's now what the O.P. meant to say. Have a re-read:
>>> i´m currently searching for a sollution on how to reset & re-send a
>>> user password.
> "Reset & re-send". K already acknowledges that resetting the password is
> necessary:
>>> Du to the fact, that the pass is a salted md5-hash, i have to reset
>>> them too.
> K, I think you're just best off linking to:
>  get_bloginfo('wpurl') . '/wp-login.php?action=lostpassword'
> Best not to reinvent the wheel when you don't have to. :)

I agree; that would definitely be the best approach.

If for some reason that doesn't work, I seem to remember doing a
plugin for someone a long time ago that would basically simulate the
password reset process on behalf of the user (using a randomly
generated password) and then email the user the new password, but this
has the disadvantage of the password existing in a plain text email

If you (or your client, etc.) insists on going that route, you could
probably look through the code for the methods that need to be called,
etc., but sending them a link to the normal password reset process
would certainly be a lot less work and better in terms of security.

More information about the wp-hackers mailing list