As the doctor said, the customer is not presented with a password change UNLESS they request a change when they forget their password.
As your image shows, the problem is on the admin side. History has shown us that your SSL and 301 redirects can have a similar effect on the password change.
Your SSL is set for your site WITHOUT the www. However, your site will accept www in the URL when trying to access the site.
This is not acceptable to most search engines and will get you a hit as duplicate listing as https://YOUR_SITE.com is different from https://www.YOUR_SITE.com.
The admin is more "picky" when it comes to the match.
For example, we have found that accessing the admin with other than an SSL-matching URL can cause the problem you are seeing.
Some of our customers set their bookmarks before finding that we issue SSLs without the www. So, they were trying to change the password and the system was saying, "You're coming from a place that's NOT protected."
The quickest fix is to make sure you are accessing the admin WITHOUT www in the URL and make sure something doesn't change that during the process. (i.e., a link in your admin that has www in it.)
For the long haul, we recommend our customers put a 301 redirect in a .htaccess file in the root of the site. If you have cPanel, it will do that for you but, make sure you select Do Not Redirect www.
If that option is not available to you in your management panel, there is a free generator that creates the following:
Code:
# Needed before any rewritingRewriteEngine On
### Built using the .htaccess 301 Redirect Generator from Web Site Advantage
### https://websiteadvantage.com.au/HtAccess-301-Redirect-Generator
### Place after 'RewriteEngine On' and before any CMS specific rewrite rules
# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
## 301 Redirects
Whether you do it with cPanel, some other management system, or by adding the above code to your .htaccess file; it should cure the problem.
Bookmarks