Updates the user’s password with a new hashed one.

Description

For integration with other applications, this function can be overwritten to instead use the other package password checking algorithm.

Please note: This function should be used sparingly and is really only meant for single-time application. Leveraging this improperly in a plugin or theme could result in an endless loop of password resets if precautions are not taken to ensure it does not execute on every page load.

Parameters

$passwordstringrequired

The plaintext new user password.

$user_idintrequired

User ID.

Source

function wp_set_password( $password, $user_id ) {
	global $wpdb;

	$old_user_data = get_userdata( $user_id );

	$hash = wp_hash_password( $password );
	$wpdb->update(
		$wpdb->users,
		array(
			'user_pass'           => $hash,
			'user_activation_key' => '',
		),
		array( 'ID' => $user_id )
	);

	clean_user_cache( $user_id );

	/**
	 * Fires after the user password is set.
	 *
	 * @since 6.2.0
	 * @since 6.7.0 The `$old_user_data` parameter was added.
	 *
	 * @param string  $password      The plaintext password just set.
	 * @param int     $user_id       The ID of the user whose password was just set.
	 * @param WP_User $old_user_data Object containing user's data prior to update.
	 */
	do_action( 'wp_set_password', $password, $user_id, $old_user_data );
}

View all references View on Trac View on GitHub

Hooks

do_action( ‘wp_set_password’, string $password, int $user_id, WP_User $old_user_data )

Fires after the user password is set.

Changelog