WordPress Password Reset Hacks

Today while going through my normal process I was about to reset one of my customer’s WordPress password and send over some billing instructions. As a WordPress administrator, updating someone else’s password via /wp-admin/users.php triggers an automatic email to that particular user. That email is generally unwanted as I’m already planning to communicate with the customer.

These password notice emails cause enough customers to respond that I decided to skip them

While there are plugins to turn these off, installing and activating a plugin every time I’m helping with a password reset seems unnecessary. I’d prefer to use something like WP-CLI. While some WP-CLI commands have a --skip-email flag, the command wp user update does not.

Resetting user account without email notify via WP-CLI

I was able to eventually come up with a single bash script to do the job. This will first prompt for the username then ask for the new password. To workaround the email notifications I’m using the WordPress function wp_set_password.

function anchor_reset_password {
  read -p $'\e[31mUsername\e[0m: ' username
  read -s password
  user_id=$(wp user get $username --field=ID)
  wp eval "wp_set_password(\"${password}\", $user_id);"
  unset password