Allow all reset password links within the past 24 hours to be valid and accepted

Question

Right now if a user requests a reset password link (link A), then requests another reset password link (link B), link A no longer works – WordPress considers the link invalid/expired.

Is there a way in WordPress to allow all reset password links within the past 24 hours to be valid and accepted?


I’ve been delving into the WordPress code and I can see one way to achieve this but its not a very nice solution. I’ll show it below but does anyone have a nicer/cleaner solution they are aware of?

Solution (in psuedo code):

  • Hook login_form_lostpassword
  • Get user by their email
  • If this users user_activation_key is not empty and the last time they requested a reset password link is less than 24 hours ago:
    • Resend the *email message that was sent before (that contains the same reset password link as before)
  • Else:
    • Allow default behaviour to take over (generate a new reset password link and send an email containing the reset password link).

*The icky-ness of the above solution is that I need to store the email body for every reset password email sent out (so I can retrieve it and resend it again if the user requests within 24 hours).

0
sazr 5 months 2022-06-29T21:30:19-05:00 0 Answers 0 views 0

Leave an answer

Browse
Browse