WordPress Forgot Password Form Without Plugin

WordPress Forgot Password Form Without Plugin

Are you need simple Forgot Password form without plugin for your WordPress website? Yes, Then i have created [cxc_forgot_pwd_form] shortcode with quick simple code. So you can put Forgot Password form anywhere like in Pages, Posts and Widget etc… Therefore you just need to put [cxc_forgot_pwd_form] shortcode where you need login form. So you need to follow below steps.

Code for shortcode.

You need to put below code in theme’s functions.php file. If you have created child theme then add this in function file of child theme.

Forgot Password Form | Shortcode: [cxc_forgot_pwd_form]

 add_shortcode( 'cxc_forgot_pwd_form', 'cxc_forgot_pwd_form_callback' );

function cxc_forgot_pwd_form_callback() {

	if ( !is_user_logged_in() ) {

		global $getPasswordError, $getPasswordSuccess;

		if ( !empty( $getPasswordError ) ) {
			<div class="alert alert-danger">
				<?php echo $getPasswordError; ?>
		<?php } ?>

		<?php if ( !empty( $getPasswordSuccess ) ) { ?>
			<div class="alert alert-success">
				<?php echo $getPasswordSuccess; ?>
		<?php } ?>

		<form method="post" class="wc-forgot-pwd-form">
			<div class="forgot_pwd_form">
				<div class="log_user">
					<label for="user_login">Username or E-mail:</label>
					<?php $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : ''; ?>
					<input type="text" name="user_login" id="user_login" value="<?php echo $user_login; ?>" />
				<div class="log_user">
					do_action( 'lostpassword_form' );
					echo ob_get_clean();
					<?php wp_nonce_field('userGetPassword', 'formType'); ?>
					<button type="submit" class="get_new_password">Get New Password</button>

	$forgot_pwd_form = ob_get_clean();
	return $forgot_pwd_form;

Code for Forgot Password

In this code i am validating form and Send mail for Forgot Password on wp action. Add it in functions.php file after above code. If this code will not work then change action wp to init.

add_action( 'wp', 'cxc_user_forgot_pwd_callback' );

function cxc_user_forgot_pwd_callback() {
	if ( isset( $_POST['formType'] ) && wp_verify_nonce( $_POST['formType'], 'userGetPassword' ) ) {

		global $getPasswordError, $getPasswordSuccess;

		$email = trim( $_POST['user_login'] );

		if ( empty( $email ) ) {
			$getPasswordError = '<strong>Error! </strong>Enter a e-mail address.';
		} else if ( !is_email( $email ) ) {
			$getPasswordError = '<strong>Error! </strong>Invalid e-mail address.';
		} else if ( !email_exists( $email ) ) {
			$getPasswordError = '<strong>Error! </strong>There is no user registered with that email address.';
		} else {

              // lets generate our new password
			$random_password = wp_generate_password( 12, false );

              // Get user data by field and data, other field are ID, slug, slug and login
			$user = get_user_by( 'email', $email );

			$update_user = wp_update_user( array(
				'ID' => $user->ID,
				'user_pass' => $random_password
			) );

              // if  update user return true then lets send user an email containing the new password
			if ( $update_user ) {
				$to = $email;
				$subject = 'Your new password';
				$sender = get_bloginfo( 'name' );

				$message = 'Your new password is: ' . $random_password;

                  /* $headers[] = 'MIME-Version: 1.0' . "\r\n";
                    $headers[] = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                    $headers[] = "X-Mailer: PHP \r\n";
                    $headers[] = 'From: ' . $sender . ' < ' . $email . '>' . "\r\n"; */
                    $headers = array( 'Content-Type: text/html; charset=UTF-8' );

                    $mail = wp_mail( $to, $subject, $message, $headers );
                    if ( $mail ) {
                    	$getPasswordSuccess = '<strong>Success! </strong>Check your email address for you new password.';
                } else {
                	$getPasswordError = '<strong>Error! </strong>Oops something went wrong.';

How useful was this blog?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this blog.


  1. Hello and thank you for your effort to provide such valuable info.
    I got all the forms working on a Divi child theme, except the forgot password form produced a blank page, regardless of changing the action wp to init. Strange that I got all the others to work, except the one I needed the most, as I already have a Divi custom login page hiding the standard admin URL.
    I would appreciate it if there’s an update available. Thank you.

    1. Thank you for your feedback. I have looked my functionality and i would like to say that you have checked site with login, Have you checked with without login? When user has already logged in forgot password form not need. Form have seen only on without login.

Leave a comment

Your email address will not be published. Required fields are marked *