4

I have a webapp that uses Wordpress for it's authentication. I have an Account options page there. When opened, it contains a password update section. I POST this to my PHP script and run this code:

wp_update_user(array('ID' => getUserIDWP(), 'user_pass' => $_POST['newpass']))

It logs me out of my current Wordpress session, but when I try to log back in with the password I specified there, it says that I entered an incorrect password. I'd appreciate if someone could shed some light on this subject.

Note: the getUserIDWP() function is an alias for $current_user->ID; and the other related stuff.

Improve this question
2
  • wich version of wp do you have? I don't see the 'user_pass' entry in the usermeta table. Commented Aug 29, 2012 at 16:22
  • I don't actually remember what version I used - but it was the latest version when I asked that question. Probably an early 3.0 or 3.1. Commented Sep 2, 2012 at 15:12

5 Answers 5

Reset to default
14

Try below code, it won't log you out after password change and it works with Ajax too. Also, no need to reset cookies/session after it.

$userdata = [
    'ID'        => 1,
    'user_pass' => 'new_password',
];

wp_update_user( $userdata ); // this will handle encryption and everything
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

wp_set_password clears user cache so you will be logged out. If you want to log back in you can do: wp_set_current_user ( wp_get_current_user()->ID ); wp_set_auth_cookie ( wp_get_current_user()->ID );
@geraldo please refer updated answer, it will be a better solution if you don't want user to be logged out.
8

It worked for me to update 'user_pass' using both update_user_meta and wp_update_user:

update_user_meta($user_id, 'user_pass', $newpassword);
wp_update_user( array ('ID' => $user_id, 'user_pass' => $newpassword) ) ;
Improve this answer

1 Comment

Does wp_set_password work? And do you need to hash the new password first?
2 
/**
 * Update a user's password by user ID, email, or username.
 *
 * @param int|string $identifier User ID (int), email (string), or username (string).
 * @param string     $new_password Plaintext new password.
 * @return int|\WP_Error Returns the user ID on success or a WP_Error on failure.
 */
function di_update_user_password( $identifier, string $new_password ) {
    if ( empty( $new_password ) ) {
        return new WP_Error( 'empty_password', 'Password cannot be empty.' );
    }

    // Resolve the user by identifier.
    if ( is_numeric( $identifier ) ) {
        $user = get_user_by( 'id', absint( $identifier ) );
    } elseif ( is_email( $identifier ) ) {
        $user = get_user_by( 'email', $identifier );
    } else {
        $user = get_user_by( 'login', $identifier );
    }

    if ( ! $user || ! $user->ID ) {
        return new WP_Error( 'user_not_found', 'No matching user found.' );
    }

    // Option A (recommended for one-off resets): hash + set + reset sessions.
    // WordPress will hash internally; do NOT hash yourself.
    wp_set_password( $new_password, $user->ID ); // void

    // Optionally, return the ID for consistency with wp_update_user().
    return (int) $user->ID;

    // --- Option B (alternative): use wp_update_user() ---
    // $result = wp_update_user( [
    //     'ID'        => $user->ID,
    //     'user_pass' => $new_password, // Pass plaintext; WP hashes it.
    // ] );
    // return $result; // int|WP_Error
}

place it in your theme’s functions.php or a utilities plugin.

call like this

// By ID
di_update_user_password( 123, 'NewStrongPass!2025' );
// By email
di_update_user_password( '[email protected]', 'Another$trongOne' );
// By username
di_update_user_password( 'maidul', 'S3cure#Pass' );
Improve this answer

Comments

0

I know it's late but...

I had a similar problem and it turns out there was an entry in the usermeta table called user_pass. I deleted that entry and I could log in again.

Maybe this will help somebody - I spent the last hour trying to figure out what I did wrong.

Improve this answer

Comments

0

try this one

    global $current_user;
    $password = 'Abc123456';
    wp_set_password($password, $current_user->ID);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.