When building an e-commerce store, it’s easy to get lost in the details of setting up products and refining checkout flow, and then overlook key features. One feature I see a lot of new stores overlook is their password reset function. Ignore this at your peril, because it is your most important store feature after the checkout function.
Why?
Well, when was the last time you had to reset a password? Probably within the last 24 hours. Passwords are a major annoyance for people in the internet age. And while a lot of people use password managers these days, millions of people still don’t. And they likely don’t remember the password they randomly set up on your website.
I get several password reset notifications from my WordPress store a week, more when store sale emails are deployed. This process on your store must work smoothly and quickly. If it does not, you will either get people emailing you to complain, or they will simply not place an order.
So, here are a few things to keep an eye out for.
Deliverability
You should be using a third-party email sending service for your transactional emails. This ensures they almost always get through. You should be using the same service for WordPress-related emails as well. It’s easy for a password reset email to end up in a spam folder. I use Amazon SES for all my transactional and WordPress emails, but there are plenty of alternatives like Mailchimp or SendGrid (but they are expensive). The emails need to be FAST. Every second a password reset email takes to get to the user makes it more likely they will click away and not order.
Test Test Test
You need to test your password reset function several times. Make sure it works. Do you run into any weird problems? Because I guarantee you, if you do, one of your customers will, and they will get frustrated.
Consider Passwordless Login
A new trend in checkout flow is to have a passwordless login function. It works by emailing the user a unique login link, which gives them access to their account and lets them check out. It’s sometimes more secure than regular username/password logins, as only the person who has access to their email can get the login information.
Protect Your Store
Password reset functions can be easily abused by threat actors. Bots can test thousands of usernames and passwords on your login and reset forms, hammering your site with fake traffic and hogging bandwidth and server resources. So, it’s important to protect them with a CAPTCHA and use security plugins like Wordfence or All In One WP Security that will lock out people trying to log in multiple times. Do not make this process too difficult, as you will end up antagonizing your customers.
So, if you haven’t already, register on your own website in another browser and reset your password. Do it right now. Make sure it works. Make it seamless. If it’s not, you have work to do today.