Notifies the blog admin of a user changing password, normally via email.
Parameters
$user
WP_Userrequired- User object.
Source
function wp_password_change_notification( $user ) {
/*
* Send a copy of password change notification to the admin,
* but check to see if it's the admin whose password we're changing, and skip this.
*/
if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
$admin_user = get_user_by( 'email', get_option( 'admin_email' ) );
if ( $admin_user ) {
$switched_locale = switch_to_user_locale( $admin_user->ID );
} else {
$switched_locale = switch_to_locale( get_locale() );
}
/* translators: %s: User name. */
$message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
/*
* The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
* We want to reverse this for the plain text arena of emails.
*/
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
$wp_password_change_notification_email = array(
'to' => get_option( 'admin_email' ),
/* translators: Password change notification email subject. %s: Site title. */
'subject' => __( '[%s] Password Changed' ),
'message' => $message,
'headers' => '',
);
/**
* Filters the contents of the password change notification email sent to the site admin.
*
* @since 4.9.0
*
* @param array $wp_password_change_notification_email {
* Used to build wp_mail().
*
* @type string $to The intended recipient - site admin email address.
* @type string $subject The subject of the email.
* @type string $message The body of the email.
* @type string $headers The headers of the email.
* }
* @param WP_User $user User object for user whose password was changed.
* @param string $blogname The site title.
*/
$wp_password_change_notification_email = apply_filters( 'wp_password_change_notification_email', $wp_password_change_notification_email, $user, $blogname );
wp_mail(
$wp_password_change_notification_email['to'],
wp_specialchars_decode( sprintf( $wp_password_change_notification_email['subject'], $blogname ) ),
$wp_password_change_notification_email['message'],
$wp_password_change_notification_email['headers']
);
if ( $switched_locale ) {
restore_previous_locale();
}
}
}
Hooks
- apply_filters( ‘wp_password_change_notification_email’,
array $wp_password_change_notification_email ,WP_User $user ,string $blogname ) Filters the contents of the password change notification email sent to the site admin.
Changelog
Version | Description |
---|---|
2.7.0 | Introduced. |
The function is hooked to the
'after_password_reset'
action, so I think a simpler way to disable it would be just:By default, WordPress sends a notification to the blog admin whenever a user changed the password.
To disable this just add below code to your theme or plugin.
function_exists(...
returns true so WordPress must already define this function before the functions.php of a theme is called.plugins_loaded
action, occurs beforesetup_theme
.Alternative method to prevent these emails being sent, put the following code in your functions.php file of your theme or plugin:
(I found rsm0128’s suggestion did not work for me in WordPress 6.0)
The email this notification will send after password changed, looks like:
From: WordPress
To: admin@example.com
Subject: [WordPress] Password Changed
Password changed for user: username