Title: Password Reset with Code for WordPress REST API Author: dominic_ks Published: 2020-يىلى 9-ماي Last modified: 2025-يىلى 5-ئىيۇن --- قىستۇرما ئىزدە ![](https://ps.w.org/bdvs-password-reset/assets/banner-772x250-rtl.jpg?rev=2301474) ![](https://ps.w.org/bdvs-password-reset/assets/icon-128x128.jpg?rev=2301474) # Password Reset with Code for WordPress REST API يازغۇچى [dominic_ks](https://profiles.wordpress.org/dominic_ks/) [چۈشۈر](https://downloads.wordpress.org/plugin/bdvs-password-reset.0.0.17.zip) * [تەپسىلاتلار](https://ug.wordpress.org/plugins/bdvs-password-reset/#description) * [باھالاشلار](https://ug.wordpress.org/plugins/bdvs-password-reset/#reviews) * [ئىجادىيەت](https://ug.wordpress.org/plugins/bdvs-password-reset/#developers) [قوللاش](https://wordpress.org/support/plugin/bdvs-password-reset/) ## چۈشەندۈرۈش A simple plugin that adds a password reset facility to the WordPress REST API using a code. The process is a two step process: 1. User requests a password reset. A code is emailed to their registered email address 2. The user enters the code when setting a new password, which is only set if the code is valid and has not expired It is also possible to check the validity of a code without resetting the password which enables the possibility of setting the password by other means, or having a two stage process for checking the code and resetting the password if desired. Default settings are to use an 8 digit code consisting of numbers, upper and lower case letters and special characters, which has a life span of 15 minutes, afterwhich a new code would need to be requested. By default a user can attempt to use or validate a code up to 3 times before automatically invalidating it. ### Endpoints The plugin adds two new endpoints to the REST API: * Endpoint: _/wp-json/bdpwr/v1/reset-password_ — HTTP Verb: POST — Parameters (** all required**): — email * _/wp-json/bdpwr/v1/set-password_ — HTTP Verb: POST — Parameters (**all required**):— email — password — code * _/wp-json/bdpwr/v1/validate-code_ — HTTP Verb: POST — Parameters (**all required**):— email — code ### Example Requests (jQuery) ### Reset Password ``` $.ajax({ url: '/wp-json/bdpwr/v1/reset-password', method: 'POST', data: { email: 'example@example.com', }, success: function( response ) { console.log( response ); }, error: function( response ) { console.log( response ); }, }); ``` ### Set New Password ``` $.ajax({ url: '/wp-json/bdpwr/v1/set-password', method: 'POST', data: { email: 'example@example.com', code: '1234', password: 'Pa$$word1', }, success: function( response ) { console.log( response ); }, error: function( response ) { console.log( response ); }, }); ``` ### Validate Code ``` $.ajax({ url: '/wp-json/bdpwr/v1/validate-code', method: 'POST', data: { email: 'example@example.com', code: '1234', }, success: function( response ) { console.log( response ); }, error: function( response ) { console.log( response ); }, }); ``` ### Example Success Responses (JSON) ### Reset Password ``` { "data": { "status": 200 }, "message": "A password reset email has been sent to your email address." } ``` ### Set New Password ``` { "data": { "status": 200 }, "message": "Password reset successfully." } ``` ### Validate Code ``` { "data": { "status": 200 }, "message": "The code supplied is valid." } ``` ### Example Error Responses (JSON) ### Reset Password ``` { "code": "bad_email", "message": "No user found with this email address.", "data": { "status": 500 } } ``` ### Set New Password ``` { "code": "bad_request", "message": "You must request a password reset code before you try to set a new password.", "data": { "status": 500 } } ``` ### Validate Code ``` { "code": "bad_request", "message": "The reset code provided is not valid.", "data": { "status": 500 } } ``` ### Filters A number of WordPress filters have been added to help customise the process, please feel free to request additional filters or submit a pull request with any that you required. ### Filter the length of the code ``` add_filter( 'bdpwr_code_length' , function( $length ) { return 4; }, 10 , 1 ); ``` ### Filter Expiration Time ``` add_filter( 'bdpwr_code_expiration_seconds' , function( $seconds ) { return 900; }, 10 , 1 ); ``` ### Filter the date format used by the plugin to display expiration times ``` add_filter( 'bdpwd_date_format' , function( $format ) { return 'H:i'; }, 10 , 1 ); ``` ### Filter the reset email subject ``` add_filter( 'bdpwr_code_email_subject' , function( $subject ) { return 'Password Reset'; }, 10 , 1 ); ``` ### Filter the email content ``` add_filter( 'bdpwr_code_email_text' , function( $text , $email , $code , $expiry ) { return $text; }, 10 , 4 ); ``` ### Filter maximum attempts allowed to use a reset code, default is 3, -1 for unlimmited ``` add_filter( 'bdpwr_max_attempts' , function( $attempts ) { return 3; }, 10 , 4 ); ``` ### Filter whether to include upper and lowercase letters in the code as well as numbers, default is false ``` add_filter( 'bdpwr_include_letters' , function( $include ) { return false; }, 10 , 4 ); ``` ### Filter the characters to be used when generating a code, you can use any string you want, default is 0123456789 ``` add_filter( 'bdpwr_selection_string' , function( $string ) { return '0123456789'; }, 10 , 4 ); ``` ### Filter the WP roles allowed to reset their password with this plugin, default is any, example below shows removing administrators ``` add_filter( 'bdpwr_allowed_roles' , function( $roles ) { $key = array_search( 'administrator' , $roles ); if( $key !== false ) { unset( $roles[ $key ] ); } return $roles; }, 10 , 1 ); ``` ### Filter to add custom namespace for REST API ``` add_filter( 'bdpwr_route_namespace' , function( $route_namespace ) { return 'xyz/v1'; }, 10 , 1 ); ``` ### Credits * Plugin icon / banner image by [Sincerely Media](https://unsplash.com/photos/CWL6tTDN31w) ## FAQ ### Where do I report security bugs found in this plugin? Please report security bugs found in the source code of the bdvs-password-reset plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin. [Report a security vulnerability.](https://patchstack.com/database/vdp/bdvs-password-reset) ## باھالاشلار ![](https://secure.gravatar.com/avatar/7a46c10c4c76a2539400c4446353d7503b6dd46f9b00d0fee26f113378afbb2f? s=60&d=retro&r=g) ### 󠀁[Very Well Made](https://wordpress.org/support/topic/very-well-made-6/)󠁿 [Philip Sola](https://profiles.wordpress.org/philsola/) 2024-يىلى 30-ئاپرېل 1 reply This plugin, is extremely well thought through and very well made. Plenty of filters for developers to hook into and adjust to their liking. I’ve managed to filter the email body, the characters used for the code, the REST API namespace, the code length and loads more, with total ease. Great plugin – thank you! ![](https://secure.gravatar.com/avatar/042ff04e606b0616a7df702f95a9b81c8a2f6eb9808deeb2abda605a51840843? s=60&d=retro&r=g) ### 󠀁[Excellent plugin](https://wordpress.org/support/topic/excellent-plugin-9035/)󠁿 [jaestradag](https://profiles.wordpress.org/jaestradag/) 2024-يىلى 23-فېۋرال You’ve helped me more than you know. Is it possible to use it with a user who is an administrator? ![](https://secure.gravatar.com/avatar/051872f6b0eeae4ec8a88843deea7ec0e3f87d71f8210f7e8c6026bea0934bad? s=60&d=retro&r=g) ### 󠀁[Works perfectly!](https://wordpress.org/support/topic/works-perfectly-2733/)󠁿 [mrank](https://profiles.wordpress.org/mrank/) 2024-يىلى 5-فېۋرال 1 reply The plugin does exactly what it is supposed to do. The filters allow extensive customization. Many thanks to the developers! ![](https://secure.gravatar.com/avatar/36ac134ff01faa7e7f98d41219f8ef479e0b24f82149b19f52ba1d8e96765af0? s=60&d=retro&r=g) ### 󠀁[Amazing plugin!](https://wordpress.org/support/topic/amazing-plugin-2315/)󠁿 [ninievy](https://profiles.wordpress.org/ninievy/) 2023-يىلى 9-يانۋار 1 reply This plugin is great! Works really well and Dominic is really helpful if you have any question. I recommend. ![](https://secure.gravatar.com/avatar/f4ac8e66d50bbc514f0860d8fe75e4ce54bd884c20006b39e25867c0b1281d31? s=60&d=retro&r=g) ### 󠀁[Awesome plugin](https://wordpress.org/support/topic/awesome-plugin-5768/)󠁿 [andreslora09](https://profiles.wordpress.org/andreslora09/) 2021-يىلى 3-مارت 1 reply Also the author help me out a lot with things related to the plugin. ![](https://secure.gravatar.com/avatar/0ffc182971a449f8293223ef2f6de10d61158458fea5480cf45c264d8219f964? s=60&d=retro&r=g) ### 󠀁[Good support](https://wordpress.org/support/topic/good-support-362/)󠁿 [alex0311](https://profiles.wordpress.org/alex0311/) 2020-يىلى 1-ئاۋغۇست 1 reply The plugin author is very reactive. [ 10 باھالاشنىڭ ھەممىنى ئوقۇش ](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/) ## تۆھپىكار ۋە ئىجادكار «Password Reset with Code for WordPress REST API» كودى ئوچۇق يۇمشاق دېتال. تۆۋەندىكى كىشىلەر بۇ قىستۇرمىغا تۆھپە قوشقان. تۆھپىكار * [ dominic_ks ](https://profiles.wordpress.org/dominic_ks/) * [ Amitkumar Dudhat ](https://profiles.wordpress.org/wpamitkumar/) «Password Reset with Code for WordPress REST API» 2 تىلغا تەرجىمە قىلىنغان. [تەرجىمانلار](https://translate.wordpress.org/projects/wp-plugins/bdvs-password-reset/contributors) نىڭ تۆھپىسى ئۈچۈن رەھمەت. [«Password Reset with Code for WordPress REST API» نى تىلىڭىزغا تەرجىمە قىلىڭ](https://translate.wordpress.org/projects/wp-plugins/bdvs-password-reset) ### ئىجادىيەتكە قىزىقامسىز؟ [كودقا كۆز يۈگۈرتۈپ](https://plugins.trac.wordpress.org/browser/bdvs-password-reset/)، [SVN خەزىنە](https://plugins.svn.wordpress.org/bdvs-password-reset/) تەكشۈرۈپ ياكى [RSS](https://plugins.trac.wordpress.org/log/bdvs-password-reset/?limit=100&mode=stop_on_copy&format=rss) ئارقىلىق [ئىجادىيەت خاتىرىسى](https://plugins.trac.wordpress.org/log/bdvs-password-reset/) گە مۇشتەرى بولغىلى بولىدۇ. ## ئۆزگىرىش خاتىرىسى #### 0.0.17 * switched to a cryptographically secure function to generate reset codes * updated compatibility to 6.5 #### 0.0.16 * updated compatibility to 6.3 * By default users with the administrator role are no longer able to reset their password using this plugin * The default length of the code that is generated has been increased from 4 to 8 characters * The default characters that are used to generate the code have been increased to include upper and lower case letters as well as special characters #### 0.0.15 * updated compatibility to 6.1.1 #### 0.0.14 * updated compatibility to 5.9.3 #### 0.0.13 * updated to min version 4.6 to allow translations #### 0.0.12 * resolved file include errors #### 0.0.11 * resolved php warnings #### 0.0.10 * relocated email send function * added translation functions, should be translation ready! get in contact to get involved! #### 0.0.9 * fixed invalid plugin header issue #### 0.0.8 * fixed minor typos in docs * added filter to use custom namespace * fixed bug with time format filter #### 0.0.7 * PLEASE READ: SOME DEFAULT BEHAVIOUR HAS CHANGED: * Added maximum allowed failed attempts to validate a code before automatically expiring it, default has been set to 3 * Added filters to include letters and well as numbers in the reset code as well as allowing you to specify your own string * Added filters to allow the exclusion of certain roles from being able to reset their password, e.g. if you want to exclude Administrators #### 0.0.6 * Added support for WP versions earlier than 5.2.0 due to timezone function availability #### 0.0.5 * Replaced missing api file #### 0.0.4 * Added /validate-code to allow checking a code’s validity without actually resetting the password #### 0.0.3 * Fixed bug causing 500 error where WordPress TimeZone was set to a manual UTC offsite ## Meta * Version **0.0.17** * ئاخىرقى يېڭىلانغان ۋاقىت **10 ئاي بۇرۇن** * ئاكتىپ ئورنىتىش سانى **1,000+** * WordPress نەشرى ** 4.6 ياكى يۇقىرى ** * **6.8.5** دا سىنالغان * PHP نەشرى ** 5.4 ياكى يۇقىرى ** * تىل * [English (US)](https://wordpress.org/plugins/bdvs-password-reset/)، [Spanish (Dominican Republic)](https://es-do.wordpress.org/plugins/bdvs-password-reset/) ۋە [Swedish](https://sv.wordpress.org/plugins/bdvs-password-reset/). * [تىلىڭىزغا تەرجىمە قىلىڭ](https://translate.wordpress.org/projects/wp-plugins/bdvs-password-reset) * بەلگە * [password reset](https://ug.wordpress.org/plugins/tags/password-reset/)[wp-api](https://ug.wordpress.org/plugins/tags/wp-api/) * [ئالىي كۆرۈنۈش](https://ug.wordpress.org/plugins/bdvs-password-reset/advanced/) ## دەرىجە 5/5 يۇلتۇز * [ 10 5-star reviews ](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/#new-post) [بارلىق ئىنكاسنى كۆرسەت](https://wordpress.org/support/plugin/bdvs-password-reset/reviews/) ## تۆھپىكار * [ dominic_ks ](https://profiles.wordpress.org/dominic_ks/) * [ Amitkumar Dudhat ](https://profiles.wordpress.org/wpamitkumar/) ## قوللاش چۈشەندۈرۈشىڭىز بارمۇ؟ ياردەم لازىممۇ؟ [قوللاش مۇنبىرىنى كۆرسەت](https://wordpress.org/support/plugin/bdvs-password-reset/)