- code review;

includes/core/class-password.php

@@ -623,7 +623,10 @@ if ( ! class_exists( 'um\core\Password' ) ) {
 					UM()->user()->password_changed();
 
 					// clear temporary data
-					update_user_meta( $user->ID, 'password_rst_attempts', 0 );
+					$attempts = (int) get_user_meta( $user->ID, 'password_rst_attempts', true );
+					if ( $attempts ) {
+						update_user_meta( $user->ID, 'password_rst_attempts', 0 );
+					}
 					$this->setcookie( $rp_cookie, false );
 
 					// logout

includes/core/um-actions-login.php

@@ -165,7 +165,12 @@ add_action( 'um_on_login_before_redirect', 'um_store_lastlogin_timestamp', 10, 1
 function um_store_lastlogin_timestamp_( $login ) {
 	$user = get_user_by( 'login', $login );
 	um_store_lastlogin_timestamp( $user->ID );
-	delete_user_meta( $user->ID, 'password_rst_attempts' );
+
+	$attempts = (int) get_user_meta( $user->ID, 'password_rst_attempts', true );
+	if ( $attempts ) {
+		//don't create meta but update if it's exists only
+		update_user_meta( $user->ID, 'password_rst_attempts', 0 );
+	}
 }
 add_action( 'wp_login', 'um_store_lastlogin_timestamp_' );
 

readme.txt

@@ -160,8 +160,10 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 * Enhancements:
   - Added: General and role setting to avoid indexing users' profiles
   - Added: `um_prepare_user_results_array_meta` hook and the 2nd argument for `um_prepare_user_results_array` hook for handle $user_ids based on getting members query
+  - Added: Change password email when password has been reset
 
 * Bugfixes:
+  - Fixed: Creating and removing usermeta data with `password_rst_attempts` key, just update if exists for now
   - Fixed: Using 'edit_users' capability instead of 'manage_options' for approve|reject membership
   - Fixed: Using 'manage_options' capability instead of 'delete_users' for switching between members
   - Fixed: Using myCRED points metakeys in UM usermeta table