Skip to content
Fixes Hosting

WordPress Password Reset Email Not Arriving

Fix a WordPress password reset email that is not arriving by checking the account, spam filtering, SMTP delivery, DNS authentication, and host mail logs.

6 min read Last updated Jun 17, 2026

The most likely cause is that WordPress is generating the reset email, but the message is being filtered, blocked by the host mail system, or sent from a domain that is not authenticated. First, confirm the right user account and check spam, then move to SMTP and DNS only if the email still does not arrive.

Quick checks before changing anything

Start with the reset form at wp-login.php?action=lostpassword. WordPress supports resetting a password from the login screen by entering the username or email address, as covered in the official Reset Your Password documentation. Enter the username if you know it, not just the email address. This avoids a common mix-up where the person is checking the right mailbox but requesting a reset for the wrong WordPress user.

Check these next:

  • Search the mailbox for Password Reset, forgot password email, and your site name.
  • Check spam, junk, promotions, quarantine, and any email security portal your company uses.
  • Try the reset from another browser or a private window if the form seems stuck.
  • Ask another administrator to confirm the email address on your user profile in Users > Profile.
  • If the site has WooCommerce, membership, LMS, or security plugins, confirm whether the reset is for a WordPress user account or a plugin-managed customer/member flow.

WordPress also documents password and login problems under its common error guidance, including cases where a reset is needed but normal access is blocked: Common WordPress errors.

Decide where the failure is

Use this order so you do not change mail settings blindly.

What you see Most likely problem Next step
WordPress says the username or email is not recognized Account mismatch Confirm the user exists and the profile email is correct
WordPress accepts the reset request, but nothing arrives anywhere Mail delivery or host mail blocking Configure SMTP or check hosting mail logs
Other WordPress emails arrive, but password resets do not Security, membership, or email customization plugin Check plugin logs/settings and temporarily disable only the suspected mail customization
Email arrives in spam DNS authentication or sender reputation Fix SPF, DKIM, and DMARC through your DNS/email provider
Email arrives, but the reset link is expired or invalid Cached/security-scanned link or delayed delivery Request a fresh link and open it directly, not through a scanner preview

Confirm the WordPress user account

If you can still access wp-admin with another administrator account:

  1. Go to Users > All Users.
  2. Search for the affected username or email address.
  3. Open the user profile and confirm the email address.
  4. Save only if you need to correct the address.
  5. Send a new password reset from the login screen.

The Users area is where WordPress administrators manage existing user accounts and profile details; WordPress documents that screen in Users Screen.

If there is no other administrator, use your host’s emergency access tools before editing the database manually. Many hosts provide a WordPress user manager in their control panel. That is safer than changing rows directly in phpMyAdmin.

If phpMyAdmin is the only option, make a database backup first. A wrong edit in the users table can lock out the account or damage data if you edit the wrong place.

Check whether WordPress can send mail reliably

WordPress uses the server’s mail handling unless an SMTP plugin or custom mail service is configured. On many hosts, unauthenticated PHP mail is rate-limited, blocked, or treated as suspicious by receiving mail providers.

The practical fix is to send WordPress email through authenticated SMTP or a transactional email service. Use a reputable SMTP plugin, then connect it to the mailbox or mail service that is allowed to send for your domain.

After configuring SMTP:

  1. Send the plugin’s test email to the affected address and to a second address on another provider.
  2. If the test email fails, read the plugin’s error message before changing DNS.
  3. If the test email works but password resets still do not arrive, check whether another plugin is overriding password reset emails.
  4. Send a fresh reset from the WordPress login screen.

Do not leave the SMTP plugin half-configured. A plugin with the wrong host, port, encryption, or sender can make delivery worse than the default mail behavior.

Fix DNS authentication if messages go to spam

If reset emails arrive in spam or are rejected by corporate mail systems, check the sending domain’s DNS records with your DNS or email provider.

At minimum, the domain used in the email’s “From” address should be authorized to send mail through your SMTP provider. That usually means:

  • SPF includes the sending service.
  • DKIM is enabled and verified.
  • DMARC exists and matches your mail policy.

Make these changes where your domain’s DNS is hosted, not necessarily inside WordPress. After saving DNS records, wait for propagation and test again. DNS mistakes can affect all email from the domain, so copy records exactly from the mail provider’s documentation.

Check hosting mail logs when SMTP does not explain it

If the SMTP test passes but reset emails still disappear, ask the host for mail logs around the time of the reset request. Give them:

  • Site domain.
  • Approximate time and timezone.
  • Recipient address.
  • Sender address used by WordPress or the SMTP plugin.
  • Whether other WordPress emails are arriving.

This is the fastest way to separate “WordPress did not generate the email” from “the host or recipient rejected it.” Some hosts can show whether the message was accepted, deferred, blocked, or handed off to another mail server.

Optional SSH check with WP-CLI

If you have SSH and WP-CLI access, you can confirm the user account before making changes:

wp user get username_or_email --fields=ID,user_login,user_email,roles

Replace username_or_email with the actual login or email address. If the email is wrong, update it from wp-admin when possible. If wp-admin is unavailable and you must use WP-CLI, back up the database first:

wp db export before-user-email-change.sql
wp user update USER_ID [email protected]

WP-CLI’s official command reference documents wp user get and wp user update options: wp user.

How to confirm the fix worked

Request a new password reset after each change. Old reset links may expire or become invalid after a newer request.

The fix is working when:

  • The reset email arrives within a few minutes.
  • The message lands in inbox or a known filtered folder.
  • The reset link opens the WordPress password reset screen.
  • The user can save a new password and log in.

If the email arrives only at Gmail or Outlook but not at a company address, treat it as recipient-side filtering. Ask the recipient’s mail admin to check quarantine or rejection logs.

Rollback and escalation notes

Remove or disable only the SMTP plugin setting you just changed if mail delivery gets worse. Keep a note of the previous SMTP host, port, encryption method, sender address, and authentication option before editing them.

Contact your host when WordPress accepts the reset request but no email is logged or delivered. Contact your DNS or email provider when messages are delivered to spam, rejected for authentication, or failing SPF/DKIM/DMARC checks.

Published by

Editorial Staff

Practical WordPress fixes, recovery steps, and performance notes from the BugWP editorial team.

4 min read Create a Simple WordPress Shortcode with a Safe PHP Snippet 5 min read Add a WordPress PHP Snippet Without Breaking the Site 5 min read How to Add Custom CSS to WordPress Safely