wp_password_change_notification( WP_User $user )

Notify the blog admin of a user changing password, normally via email.


Parameters

$user WP_User Required
User object.

Top ↑

More Information

  • This function is normally called when a user resets a lost password, not if the password is changed on their profile page.
  • This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Top ↑

Source

File: wp-includes/pluggable.php. View all references

function wp_password_change_notification( $user ) {
	// Send a copy of password change notification to the admin,
	// but check to see if it's the admin whose password we're changing, and skip this.
	if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
		/* translators: %s: User name. */
		$message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
		// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
		// We want to reverse this for the plain text arena of emails.
		$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );

		$wp_password_change_notification_email = array(
			'to'      => get_option( 'admin_email' ),
			/* translators: Password change notification email subject. %s: Site title. */
			'subject' => __( '[%s] Password Changed' ),
			'message' => $message,
			'headers' => '',
		);

		/**
		 * Filters the contents of the password change notification email sent to the site admin.
		 *
		 * @since 4.9.0
		 *
		 * @param array   $wp_password_change_notification_email {
		 *     Used to build wp_mail().
		 *
		 *     @type string $to      The intended recipient - site admin email address.
		 *     @type string $subject The subject of the email.
		 *     @type string $message The body of the email.
		 *     @type string $headers The headers of the email.
		 * }
		 * @param WP_User $user     User object for user whose password was changed.
		 * @param string  $blogname The site title.
		 */
		$wp_password_change_notification_email = apply_filters( 'wp_password_change_notification_email', $wp_password_change_notification_email, $user, $blogname );

		wp_mail(
			$wp_password_change_notification_email['to'],
			wp_specialchars_decode( sprintf( $wp_password_change_notification_email['subject'], $blogname ) ),
			$wp_password_change_notification_email['message'],
			$wp_password_change_notification_email['headers']
		);
	}
}

Top ↑

Hooks



Top ↑

Changelog

Changelog
Version Description
2.7.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    Contributed by Creative Andrew

    The function is hooked to the 'after_password_reset' action, so I think a simpler way to disable it would be just:

    remove_action( 'after_password_reset', 'wp_password_change_notification' );
  2. Skip to note 2 content
    Contributed by rsm0128

    By default, WordPress sends a notification to the blog admin whenever a user changed the password.
    To disable this just add below code to your theme or plugin.

    if ( ! function_exists( 'wp_password_change_notification' ) ) :
        function wp_password_change_notification( $user ) {
            return;
        }
    endif;
  3. Skip to note 3 content
    Contributed by FixItDik

    Alternative method to prevent these emails being sent, put the following code in your functions.php file of your theme or plugin:

    // disable the email notification to admin when user changes password
    add_filter('wp_password_change_notification_email','my_stop_email');
    function my_stop_email($email, $user, $site) {
    	$email['to']=''; //empty the TO: part, will fail to send
    	return $email;
    }

    (I found rsm0128’s suggestion did not work for me in WordPress 6.0)

You must log in before being able to contribute a note or feedback.