Feature #37522: Add wp_lostpassword_form() function for embedding the lost password form anywhere

[Vedanshmini26]

Core Trac: https://core.trac.wordpress.org/ticket/37522

Problem
WordPress provides wp_login_form() in wp-includes/general-template.php which allows developers to embed the login form anywhere on a site via themes, plugins, or shortcodes. However, no equivalent function exists for the lost password form. Developers who need to embed a lost password form outside of wp-login.php are forced to either copy raw HTML from core into their own code, redirect users to wp-login.php?action=lostpassword (breaking custom branding), or rely on third-party plugins — all of which are undesirable alternatives.

Root Cause
The lost password form has always been hardcoded as inline HTML directly inside the case 'lostpassword' block of wp-login.php with no reusable function wrapping it. While wp_login_form() was introduced as a proper reusable function following WordPress coding standards, the lost password form was never given the same treatment, leaving a gap in the API surface.

Solution
Introduces wp_lostpassword_form() in src/wp-includes/general-template.php, following the exact same pattern and conventions as wp_login_form():

src/wp-includes/general-template.php — New function wp_lostpassword_form():

Accepts an $args array with configurable options: echo, redirect, form_id, id_username, id_submit, label_username, label_submit
Fires the existing lostpassword_form action hook inside the form (already documented in core since 2.1.0)
Adds three new filters for extensibility: lostpassword_form_defaults, lostpassword_form_top, and lostpassword_form_bottom — mirroring the login_form_defaults, login_form_top, and login_form_bottom filters on wp_login_form()
Returns or echoes HTML based on the echo argument
Reads $_POST['user_login'] safely to repopulate the username field on failed submissions
src/wp-login.php — Updated case 'lostpassword':

Replaces the inline hardcoded form HTML with a call to wp_lostpassword_form(), passing $redirect_to as the redirect argument
Ensures wp-login.php and any custom embed use identical markup going forward
Developers can now embed the lost password form anywhere:

// Echo directly
wp_lostpassword_form();

// Return as string (e.g. for a shortcode)
add_shortcode( 'lost_password', function() {
return wp_lostpassword_form( array( 'echo' => false ) );
} );

// With custom redirect
wp_lostpassword_form( array(
'redirect' => home_url( '/account/' ),
) );

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @gclapps0612-cmd.

Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases.

Core Committers: Use this line as a base for the props when committing in SVN:

Props sheldorofazeroth.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[github-actions]

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

• All changes will be lost when closing a tab with a Playground instance.
• All changes will be lost when refreshing the page.
• A fresh instance is created each time the link below is clicked.
• Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
  it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

[Vedanshmini26]

Re-run failed jobs

[gclapps0612-cmd]

{ "permissions": { "allow": [ "Bash(curl *)", "Bash(ssh *)", "Bash(scp *)", "Bash(wp *)", "Bash(python3 *)", "Bash(mkdir *)", "Bash(ls *)", "Bash(cat *)", "Bash(wc *)", "Bash(head *)", "Bash(tail *)", "Bash(grep *)", "Bash(open *)", "Bash(cd *)", "Read", "Write(data/*)", "Write(config.json)", "Edit(data/*)", "Edit(config.json)" ] } } George Ralph

…

On Thu, Apr 9, 2026, 5:02 AM Vedanshmini26 ***@***.***> wrote: *Vedanshmini26* left a comment (WordPress/wordpress-develop#11508) <#11508 (comment)> Re-run failed jobs — Reply to this email directly, view it on GitHub <#11508 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BXZWJXB54DT6H3J7INAXE5T4U5RJ3AVCNFSM6AAAAACXSE3SMOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DEMJSHEZDQMZUHE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>