Lost password URL hardcoded
There is a hardcoded version of the password reset URL which I think 'should' be using the wpforo_lostpass_url() function to return the correct URL in all circumstances. Currently it is not possible to redirect users to our reset-password page, even though we have entered a custom value in the settings. This is under the specific case that users have entered a username or email that is not in use.
This is easily fixed.
wpforo/wpf-includes/wpf-hooks.php line 2070
$redirect_url = wpforo_home_url( '?wpforo=lostpassword' );
$redirect_url = wpforo_lostpass_url();
You can simple disable wpForo Reset Password feature and use the default WordPress one. It'll allow to use WordPress hooks too. The option to disable wpForo Reset Password URL overwriting is located in Dashboard > Forums > Settings > Features admin page.
Thanks for the suggestion, I have just tried it...
Unfortunately doing that makes things a lot worse. There are more instances where wp-login.php is hardcoded, rather than using the wp_login_url() function. Using the WPforo method there is only 1 instance where the URL is hardcoded and specifically why I was hoping it would be corrected. For now I am overriding the function entirely just to fix that one line.
In next version you can use 'wpforo_lostpass_url' hook. We made these changes in files: