Force users to change password on first login in WordPress

My user’s questions and queries always given me an idea to write about new post at Avyatech. Today I am writing about Force users to change password on first login in WordPress. Are you new wordpress user? Or you are going to migrate your website or blog from any platform to wordpress? Let’s get started and read about a helpful feature in wordpress.

Force users to change password in WordPress

There is no need to install any extra plugin and do activate and deactivate any existing plugins. I am sharing few steps that help you to change password on first login in wordpress easily.

Step 1. Add code to theme’s functions.php

  1. Adding a force_login meta field when user register to site.

add_action( 'user_register', 'force_login_meta_update', 10, 1 );
function force_login_meta_update( $user_id ) {
update_user_meta($user_id, 'force_login', 1);
}

Step 2. Create a template ‘template-pwdreset.php’.

<?php  /* Template Name: Password Reset Form */ global $wpdb, $current_user; get_currentuserinfo(); $user_ID  = $current_user->ID;
if ($user_ID) { //show only to logged in users

$redirect_url = $_GET['redirect_to'];
$check_val   = 'wp-admin';
$pos = strpos($redirect_url, $check_val);
if ($pos === false) {
 $redirect_url = $_GET['redirect_to'];
} else {
$site_url = get_site_url();
 $redirect_url = $site_url;
} ?>

<h1>&lt;?php the_title(); ?&gt;</h1>




<form class="form-horizontal user_form" id="wp_reset_password" action="" method="post">
<input type="hidden" value="&lt;?php echo $user_ID; ?&gt;" name="userid">
 <input type="hidden" value="&lt;?php echo $redirect_url; ?&gt;" name="redirect_to" id="redirect_to">
    
<div class="resetpassword-error"></div>

 
<div class="form-group">
<label class="control-label col-sm-3 col-xs-12" >New Password:</label>

<div class="col-sm-9 col-xs-12">
  <input class="form-control" value="" name="resetnewpass" id="resetnewpass" type="password">
</div>

 </div>

 
<div class="form-group">
<label class="control-label col-sm-3 col-xs-12" >Confirm Password:</label>

<div class="col-sm-9 col-xs-12">
  <input class="form-control" value="" name="restnewcpass" id="restnewcpass" type="password">
</div>

 </div>

 
<div class="form-group">
 
<div class="col-sm-offset-3 col-sm-9 col-xs-12">
 
<div class="formbtn">
  <input type="hidden" value="resetpwd" name="action">
 &lt;?php wp_nonce_field( 'resetpwd', 'resetpassword' ); ?&gt;
  <input type="submit" id="resetsubmitbtn" class="newreset_password" name="submit" value="Update Password" />
  </div>

  
<div class="regwaiting" style="display:none;"></div>

 </div>
</div>
</div>
</form>

     &lt;?php &nbsp;} ?&gt; 

Step 3. Create a Reset Password page.

Force users to change password on first login in WordPress

  1. Add a new page named ‘Reset Password’.

  2. Select the ‘Password Reset Template’ for the page.

Step 4. When subscriber login at first time, it will be redirected to reset password page.

Force users to change password on first login in WordPress 2

  1. Add the below code in functions.php to redirect the subscriber to reset password page when login at first time.

function redirect_passwort_login_redirect($redirect_to, $url_redirect_to = '', $user = null) {
 if(isset($user->ID) ) {
$changed_password = get_metadata("user", $user->ID, "force_login",true);
if( $changed_password == 1 ) {
  return get_bloginfo('url') . "/reset-password/?redirect_to=".$redirect_to;
} else {
  return get_bloginfo('url');
}
 }
 return $redirect_to;
}
add_filter('login_redirect', 'redirect_passwort_login_redirect',10,3);

Step 5. Add the below code in functions.php to reset the password.

// reset password update
add_action('wp_ajax_nopriv_resetpwd', 'resetpwd');
// add action for logged in user
add_action('wp_ajax_resetpwd','resetpwd');
add_action('admin_post_nopriv_resetpwd', 'resetpwd');

function resetpwd(){
 global $wpdb, $user_ID;
 $error  = array();
 $id = $_POST['userid'];
 $new_password = $_POST['restnewcpass'];
 if (!isset( $_POST['resetpassword'] )  || ! wp_verify_nonce( $_POST['resetpassword'], $_POST['action'] ) ) {
  $error[] = 'Please refresh your page and then update';
 } else {
$userdata['ID'] = $id; //admin user ID
  $userdata['user_pass'] = $new_password;
  wp_update_user( $userdata );

update_metadata("user",$id,"force_login",0);
echo json_encode(array('type' => 'success', 'message' => "

Your password is updated successfully

"));
die;
 }

 if(sizeof($error)>0){
echo json_encode(array('type' => 'error', 'message' => implode("
", $error)));
die;
 }
}

6 responses to “Force users to change password on first login in WordPress

  1. Atul Host says:

    Awesome tutorial. It will surly help my author based blog to secure from weak passwords.

  2. Lionel Robuchon says:

    get_currentuserinfo() is depreciated, you have to work with wp_get_current_user now, but still. It’s not working for me. any word around ?

  3. Françoise says:

    Hi ! Thank you for this tutorial ! But is it possible to create a shortcode to display the form into a page created with Elementor ?

  4. Doudou says:

    Hello, thank you for this tutorial. I tried it but id doesn’t work correctly. J had to change the line return get_bloginfo(‘url’) . “/reset-password/?redirect_to=”.$redirect_to; in return get_bloginfo(‘url’) . “/the-name-of-my-renew-password-page;

    because the link didn’t work. Now, the user is correctly redirected to this page. But after entered his new password, the same page is reloaded without any error message. It’s WP 4.2.9.8. Do you have an idea ? Thanks a lot !

  5. Gaby says:

    hello, thanks for your tutorial. Is it possible to create a shorcode (and how) to display the form into a page created with Elementor ? Thanks a lot

  6. Gaby says:

    Thanks for this tutorial but is it necessary to create a new fiel in the user table ?
    I added your code in functions.php and created a new model page.
    At the first login, this page open. But after entry the new password, I come back on the same page.
    Thanksfor your help

Leave a Reply

Your email address will not be published. Required fields are marked *

Avyatech Logo