Auto reset password emails to new members

All new members are receiving an automatic email telling them to reset their password.

Another Membership2 plugin users mentions the issue here: https://wordpress.org/support/topic/notice-of-password-change-email-every-time-user-profile-updated

It looks to be a WP security function, but my assumption is that Membership2 plugin users have found a way around this.

Any help would be greatly appreciated!

  • Nastia

    Hello @jason167

    This is default WordPress email, sent by WordPress only once, when an user is registered. You can stop the messages been sent with this mu-plugin that my colleague Ash have provided in this thread:

    function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {
    	if ( $deprecated !== null ) {
    		_deprecated_argument( __FUNCTION__, '4.3.1' );
    	}
    
    	global $wpdb, $wp_hasher;
    	$user = get_userdata( $user_id );
    
    	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
    	// we want to reverse this for the plain text arena of emails.
    	$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    
    	$message  = sprintf(__('New user registration on your site %s:'), $blogname) . "\r\n\r\n";
    	$message .= sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
    	$message .= sprintf(__('Email: %s'), $user->user_email) . "\r\n";
    
    	@wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
    
    	if ( 'admin' === $notify || ( empty( $deprecated ) && empty( $notify ) ) ) {
    		return;
    	}
    
    	// Generate something random for a password reset key.
    	$key = wp_generate_password( 20, false );
    
    	/** This action is documented in wp-login.php */
    	do_action( 'retrieve_password_key', $user->user_login, $key );
    
    	// Now insert the key, hashed, into the DB.
    	if ( empty( $wp_hasher ) ) {
    		require_once ABSPATH . WPINC . '/class-phpass.php';
    		$wp_hasher = new PasswordHash( 8, true );
    	}
    	$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
    	$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) );
    }

    Ad this code in the Functions.php file (Please note that you will have to re-add this code after the theme update) or create a mu-plugin. Navigate to /wp-content/ and find the folder with name 'mu-plugins'.
    If there is no such folder, then create a one and name it "mu-plugins".
    Create a file inside that, give any name you like and paste the code in there. You don't need to activate that plugin, it will be activated automatically always.

    If you use mu-plugins then add a php start tag at the beginning of the code:
    <?php

    Let us know if you require any further assistance!

    Cheers,
    Nastia

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.