How to fix the WordPress password reset email loop when using Mailgun

If you’re using WordPress and Mailgun together (which is arguably a very good idea) there’s a gotcha that you have to watch out for.

By default the Mailgun plugin has click tracking enabled. When using click tracking, Mailgun will rewrite links in your outbound emails to route through the CNAME record you set up when integrating your Mailgun account with the domain (usually

That’s all well and good, but apparently something breaks when you try to use this with the Forgot Password form (or, more specifically, once you click through and attempt to land on the Reset Password page). When sending the “Password Reset Requested” email, you’ll get a link that looks like this:

Click here to reset your password:[…]LyEfD

Clicking that link will just route you right back to the “Forgot your password” form. This is not what we want.

There are two places where you have to disable click tracking to get around this behavior:

  1. In your Mailgun domain control panel: Mailgun > Domains > Your Domain > Tracking Settings > Click Tracking [off]
  2. In your WordPress settings menu: WP Admin > Settings > Mailgun > Click Tracking [no]

After disabling both of those, requesting a password reset link should give you the proper URL (I’m using WooCommerce, so it’s routing through /my-account/lost-password; by default, it’ll be /wp-login.php, though you should really change that):

Click here to reset your password:[…]ouY&login=YourUsername

Note: If you’re having trouble with WooCommerce here, I should mention that you have to be using the browser instance that the reset cookie was saved under (no copy/pasting links out of emails). See here in the WooCommerce source code for what it’s looking at. As far as I know, the base WP configuration doesn’t require this.