Using WordPress ‘lostpassword_errors’ PHP filter

The lostpassword_errors WordPress PHP Filter allows you to modify the error messages displayed during a password reset request.

Usage

add_filter('lostpassword_errors', 'your_custom_function', 10, 2);

function your_custom_function($errors, $user_data) {
    // your custom code here
    return $errors;
}

Parameters

$errors (WP_Error) – A WP_Error object containing any errors generated by using invalid credentials.
$user_data (WP_User|false) – WP_User object if found, false if the user does not exist.

More information

See WordPress Developer Resources: lostpassword_errors

Examples

Change invalid username error message

Customize the error message displayed for an invalid username during password reset.

add_filter('lostpassword_errors', 'change_invalid_username_error', 10, 2);

function change_invalid_username_error($errors, $user_data) {
    if ($errors->get_error_code() === 'invalid_username') {
        $errors->remove('invalid_username');
        $errors->add('invalid_username', __('Oops! We couldn\'t find that username.'));
    }
    return $errors;
}

Change invalid email error message

Customize the error message displayed for an invalid email address during password reset.

add_filter('lostpassword_errors', 'change_invalid_email_error', 10, 2);

function change_invalid_email_error($errors, $user_data) {
    if ($errors->get_error_code() === 'invalid_email') {
        $errors->remove('invalid_email');
        $errors->add('invalid_email', __('Oops! We couldn\'t find that email address.'));
    }
    return $errors;
}

Add custom error for specific username

Prevent password reset for a specific username and display a custom error message.

add_filter('lostpassword_errors', 'prevent_password_reset_for_user', 10, 2);

function prevent_password_reset_for_user($errors, $user_data) {
    if ($user_data && $user_data->user_login === 'restricted_user') {
        $errors->add('restricted_user', __('Sorry! Password reset is not allowed for this user.'));
    }
    return $errors;
}

Log failed password reset attempts

Log the number of failed password reset attempts for a specific user.

add_filter('lostpassword_errors', 'log_failed_password_reset_attempts', 10, 2);

function log_failed_password_reset_attempts($errors, $user_data) {
    if ($user_data && $errors->get_error_code()) {
        $attempts = (int) get_user_meta($user_data->ID, 'failed_password_reset_attempts', true);
        update_user_meta($user_data->ID, 'failed_password_reset_attempts', ++$attempts);
    }
    return $errors;
}

Remove all errors and force password reset email

Bypass any errors and always send the password reset email.

add_filter('lostpassword_errors', 'force_password_reset_email', 10, 2);
function force_password_reset_email($errors, $user_data) {
    $errors->remove_all_errors();
    return $errors;
}

One comment on “Using WordPress ‘lostpassword_errors’ PHP filter”

Sandeep says:

Monday, 17 April 2023 at 10:03 PM

Hook for showing invalid_username is not working when i echo $errors->get_error_code() in case of username its blank
It show with invalid_email and message is also working