Updates the user’s password with a new hashed one.
Description
For integration with other applications, this function can be overwritten to instead use the other package password checking algorithm.
Please note: This function should be used sparingly and is really only meant for single-time application. Leveraging this improperly in a plugin or theme could result in an endless loop of password resets if precautions are not taken to ensure it does not execute on every page load.
Parameters
$passwordstringrequired- The plaintext new user password.
$user_idintrequired- User ID.
Source
function wp_set_password( #[\SensitiveParameter] $password, $user_id ) { global $wpdb; $old_user_data = get_userdata( $user_id ); $hash = wp_hash_password( $password ); $wpdb->update( $wpdb->users, array( 'user_pass' => $hash, 'user_activation_key' => '', ), array( 'ID' => $user_id ) ); clean_user_cache( $user_id ); /** * Fires after the user password is set. * * @since 6.2.0 * @since 6.7.0 The `$old_user_data` parameter was added. * * @param string $password The plaintext password just set. * @param int $user_id The ID of the user whose password was just set. * @param WP_User $old_user_data Object containing user's data prior to update. */ do_action( 'wp_set_password', $password, $user_id, $old_user_data ); } Hooks
- do_action( ‘wp_set_password’,
string $password ,int $user_id ,WP_User $old_user_data ) Fires after the user password is set.
Below is an example showing how to update a user’s password
Please note: This code should be deleted after ONE page load, otherwise the password will be reset on every subsequent load, sending the user back to the login screen each time.