WordPress multisite forgot password url issue

Forgot password/Lost password link in login form on subsite in a WordPress multisite setup has an issue. The link points to main site and not to the subsite where user is actually trying to login.
E.g:
If the visitor is at http://site1.example.com/wp-login.php, forgot password link here will point to http://example.com/wp-login.php?action=lostpassword. This might not be desired in some situations.

Additionally, the email sent for password reset action, also has login links to main site in network and not the subsite where user was actually trying to login.

Code below fixes these 2 issues.

<?php
/*
Plugin Name: Subsite Lostpassword
Plugin URI: http://webdeveloperswall.com/wordpress/multisite-forgot-password-url-issue/
Description: Updates URLs on susbites and in lost password request emails to point to the subsite where the lost password request started.
Version: 1.0
Author: ckchaudhary
Author URI: http://webdeveloperswall.com/wordpress/multisite-forgot-password-url-issue/
*/

/**
 * Major part of the code is taken from https://gist.github.com/strangerstudios/9487278
 */

/*
	Fixes the URL at the bottom of the login page.
*/
function sslp_lostpassword_url($url, $redirect){	
  if( !is_multisite() )
    return $url;
    
	$args = array( 'action' => 'lostpassword' );
	if ( !empty($redirect) ) {
		$args['redirect_to'] = $redirect;
	}

	$lostpassword_url = add_query_arg( $args, site_url('wp-login.php', 'login') );
	return $lostpassword_url;
}
add_filter("lostpassword_url", "sslp_lostpassword_url", 10, 2);

function login_load_jquery(){
	wp_enqueue_script( 'jquery' );
}
add_action( 'login_enqueue_scripts', 'login_load_jquery', 1 );

function wdw_sslp_lostpassword_form_target_script(){
	if( !is_multisite() )
		return;
	
	?>
	<script type="text/javascript">
		jQuery(document).ready(function($){
			$('#lostpasswordform').attr( 'action', '<?php echo add_query_arg( 'action', 'lostpassword', site_url('wp-login.php', 'login') );?>' );
		});
	</script>
	
	<?php 
}
add_action( 'lostpassword_form', 'wdw_sslp_lostpassword_form_target_script' );
/*
	Fixes URL in email that goes out.
*/
function sslp_retrieve_password_message($message, $key){
  if( !is_multisite() )
    return $message;
    
	if ( empty( $_POST['user_login'] ) ) {
		return $message;	//error probably
	} else if ( strpos( $_POST['user_login'], '@' ) ) {
		$user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
		if ( empty( $user_data ) )
			return $message;	//another error condition, no user found
	} else {
		$login = trim($_POST['user_login']);
		$user_data = get_user_by('login', $login);
	}
	
	$user_login = $user_data->user_login;
	
	$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= home_url( '/' ) . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
	
	return $message;
}
add_filter("retrieve_password_message", "sslp_retrieve_password_message", 10, 2);

This is in the form of a wordpress plugin. Download the zip file from link below. Upload it via wordpress admin plugin installer and activate it network wide.
You can download the plugin from link below:


Published by

Chandan Chaudhary

Chandan is a WordPress guy. A programmer at heart. He loves building community sites with WordPress and BuddyPress.

Leave a Reply

Your email address will not be published. Required fields are marked *