Introduction

A WordPress password reset can fail long before the user clicks any recovery link. In many cases, the site appears healthy, but the reset message never leaves the server, gets rejected by the mail provider, or lands in quarantine. The fix is to trace the reset email path from WordPress itself through SMTP, DNS, and inbox filtering so account recovery works again without weakening login security.

Symptoms

  • Users submit a password reset request but no email arrives
  • Other site notifications also fail or arrive inconsistently
  • WordPress says the reset email was sent even though the mailbox stays empty
  • Recovery messages land in spam, quarantine, or a different mailbox
  • The issue started after changing hosting, SMTP settings, or email providers

Common Causes

  • WordPress is trying to send mail through local PHP mail instead of a working SMTP service
  • The sender domain lacks correct SPF, DKIM, or DMARC alignment
  • A security or SMTP plugin changed the outgoing mail configuration incorrectly
  • The hosting provider blocks or throttles outbound mail from the web server
  • The recipient mailbox filters, forwards, or silently rejects the reset message

Step-by-Step Fix

  1. Trigger a password reset from the login screen and confirm whether WordPress reports success or throws a mail-related error.
  2. Test general outbound mail from the site so you know whether the problem affects only reset messages or all WordPress email.
  3. Review any SMTP or mail delivery plugin settings and verify the host, port, encryption mode, username, and sender address are all correct.
  4. Make sure the sender domain has valid SPF, DKIM, and DMARC records if you are sending through a branded domain.
  5. Check the mail provider logs or dashboard for rejected, deferred, or spam-foldered password reset messages.
  6. Inspect security, login, and membership plugins that might override the default password reset flow or block recovery for certain users.
  7. Confirm the reset email is being sent to the user’s current account address and not an old or compromised admin email.
  8. If the host blocks outbound mail, route WordPress through a supported transactional SMTP service instead of relying on local mail delivery.
  9. Re-test with a real user account and keep mail delivery monitoring in place so future login recovery issues are caught quickly.