When the plugin was originally developed, the password reset process was the same as the WordPress process: a user would input their username and email, and the system would set a new password and email it to the user.
WordPress changed to use a password reset link, while the WP-Members process stayed the same. For quite a while, this was preferred by most users of the plugin; but over time, more people requested the process to send a link.
In the 3.0.0 version of the plugin, the password link process was possible as a customization that was freely available on the support site. In version 3.3.0, it was added as an option for the plugin, but only if enabled. Otherwise, the plugin used the old process.
In plugin version 3.4.0, these options swapped places – the new process is now the default, while the legacy process remains available so that users have time to update their sites.
In version 3.5.0, the legacy process will be obsolete and removed from the plugin completely.
Update to the new process
If this is a clean install of WP-Members, you don’t need to do anything – the new process installs completely by default. If you had WP-Members installed with a version of 3.3.x or earlier (anything earlier than 3.4) and are upgrading, then you will need to complete a couple of steps to make sure everything is set.
Make sure the legacy process is not enabled
In the plugin’s main settings, make sure that the legacy password reset and legacy error message are NOT enabled. This will allow the plugin to use the new process sending a password reset link to the user.
Update the Dialog
In the Dialogs tab, look for the “Password reset” dialog. You’ll want to make sure that the message reflects the actual process. The new default dialog is as follows:
An email with instructions to update your password has been sent to the email address on file for your account.
Update the Email
In the Emails tab, look for the
A password reset was requested for [blogname].
Follow the link below to reset your password:[reset_link]
If you did not request a password reset for [blogname], simply ignore this message and the reset key will expire.