Issue With WooCommerce Password Reset & WP Engine
A client was having an issue resetting their password on their Woocommerce website recently.
They would request a new password via WordPress’s built-in reset form, receive the email with a link to reset their password, but when they would click on the link, they would be brought back to the same page as before, going around in a loop.
This was weird.
After a few minutes investigating, I noticed the password reset URL looked like so:
https://www.example.com/my-account/lost-password/?show-reset-form=true&actionSo, what we see here is that the URL is the same as the password reset URL, with one difference, a query string is added to show the reset form (?show-reset-form=true&action), but of course this wasn’t the case with my client, they kept seeing the reset form.
As the website is hosted on WP Engine (a fantastic host, to add), I had experienced similar issues with them caching pages with other websites I managed and experienced similar behaviour.
So off I went to WP Engine support and asked them to exclude /my-account/* from being cached and all was well again.
Hopefully this helps someone with a similar issue in the future.
Hi Keith, I have the same issue here and my exclusion cache section (WPENGINE) have all this rules (for different needs) but the issue persist, reset password link redirect to login page (you can test it on my site). Any ideas? Thanks
arg: =lost-password
arg: wp-api=.+
arg: add-to-cart=.+
path: ^/myaccount/?
path: ^/lostpassword/?
path: ^/my-account/?
path: ^/my-account/lost-password/?
path: ^/lost-password/?
path: ^/cart
path: ^/checkout
path: ^/check-out
path: ^/products-compare
path: ^/coupons
path: ^/store
path: ^/wp-json/wc
path: ^/wc-api
path: ^/password-reset/?
path: ^/password?
cookie: woocommerce_cart_hash
cookie: wp_woocommerce_session
cookie: woocommerce_items_in_cart=[1-9]+