WP-Members 3.3.5 introduced some new features as options, which have become the standard setting for new installs as of 3.4.0. Eventually, in version 3.5.0 these features will replace older functionality altogether.
If you are updating an older version of the plugin to use the new password reset link process, follow the instructions here.
Password Reset Link
This feature replaces the password reset process with a link. When the user requests a password reset, a link will be emailed to the user. When the user clicks the link to activate the password reset process, they are directed to a password change form.
The reset link expires in 24 hours, at which point the user would need to attempt another reset.
As of plugin version 3.4.0, this feature is the standard setting. On a new install, you don’t need to do anything to enable it. If you are upgrading from an older version of the plugin, you need to disable the legacy password reset setting in the main options tab under “New Feature Settings”. In plugin version 3.5.0, the current password reset process (that sends a new passwords) will be removed completely.
If you are updating an older version of the plugin to use the new password reset link process, follow the instructions here.
Additional Configuration Required
The password reset link option uses the WP login error object for specific messaging in the form. As of 3.4.0, this is enabled by default, but it can be changed in the “New Feature Settings” so make sure “Legacy Login Error” is not enabled in your setup. (see “Enable WP Login Error” below).
It is recommended that you edit the password reset email accordingly. The process will automatically include the activation link at the bottom of the email. If you want to customize where the link is placed, use the [reset_link] shortcode in the email. (You should remove any elements of the legacy process, such as the shortcode to include a password, since this is no longer valid.)
Additionally, in order for the password reset URL to be complete, you need to have set the plugin setting for the User Profile URL as this is where the user is going to be directed in order to create a new password. Without setting this, the URL in the email will be incomplete, and you may or may not direct the user to a page where the password can actually be reset. It must be a page that contains the [wpmem_profile] or [wpmem_form password] URL. (See documentation about the “User Profile URL” setting and about the [wpmem_profile] shortcode.)
WP Login Error
This feature replaces the WP-Members login error message with what is contained in the WP login error message object. The formatting of the message is still the same – the WP-Members div tag is still used. The only difference is that messaging is slightly different.
The primary reason for this change is that when WP-Members was first introduced (ages ago, back in 2005/06), there wasn’t much in the way of additional login authentication integration. But that has changed drastically. So many people now use additional authentication such as captchas, or brute force login blockers that all add custom messaging to the login error. In order to apply those in the past, you needed to implement a custom code snippet.
As of version 3.4.0, this is the standard setting. If you are setting up a new install, you don’t have to do anything. If you are upgrading, you can enable the legacy login error message until you are ready to shift over to the new setting. However, I recommend doing it sooner rather than later as the legacy setting will no longer be available as of plugin version 3.5.0.