<tr class="user-nickname-wrap">
<th><label for="nickname"><?php _e( 'Nickname' ); ?> <span class="description"><?php _e( '(required)' ); ?></span></label></th>
<?php if ( IS_PROFILE_PAGE ) : ?>
<input type="text" name="nickname" id="nickname" value="<?php echo esc_attr( $profile_user->nickname ); ?>" autocomplete="nickname" class="regular-text" />
<input type="text" name="nickname" id="nickname" value="<?php echo esc_attr( $profile_user->nickname ); ?>" class="regular-text" />
<tr class="user-display-name-wrap">
<label for="display_name"><?php _e( 'Display name publicly as' ); ?></label>
<select name="display_name" id="display_name">
$public_display = array();
$public_display['display_nickname'] = $profile_user->nickname;
$public_display['display_username'] = $profile_user->user_login;
if ( ! empty( $profile_user->first_name ) ) {
$public_display['display_firstname'] = $profile_user->first_name;
if ( ! empty( $profile_user->last_name ) ) {
$public_display['display_lastname'] = $profile_user->last_name;
if ( ! empty( $profile_user->first_name ) && ! empty( $profile_user->last_name ) ) {
$public_display['display_firstlast'] = $profile_user->first_name . ' ' . $profile_user->last_name;
$public_display['display_lastfirst'] = $profile_user->last_name . ' ' . $profile_user->first_name;
if ( ! in_array( $profile_user->display_name, $public_display, true ) ) { // Only add this if it isn't duplicated elsewhere.
$public_display = array( 'display_displayname' => $profile_user->display_name ) + $public_display;
$public_display = array_map( 'trim', $public_display );
$public_display = array_unique( $public_display );
<?php foreach ( $public_display as $id => $item ) : ?>
<option <?php selected( $profile_user->display_name, $item ); ?>><?php echo $item; ?></option>
<h2><?php _e( 'Contact Info' ); ?></h2>
<table class="form-table" role="presentation">
<tr class="user-email-wrap">
<th><label for="email"><?php _e( 'Email' ); ?> <span class="description"><?php _e( '(required)' ); ?></span></label></th>
<?php if ( $profile_user->ID === $current_user->ID ) : ?>
<input type="email" name="email" id="email" aria-describedby="email-description" value="<?php echo esc_attr( $profile_user->user_email ); ?>" autocomplete="email" class="regular-text ltr" />
<p class="description" id="email-description">
<?php _e( 'If you change this, an email will be sent at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?>
<input type="email" name="email" id="email" value="<?php echo esc_attr( $profile_user->user_email ); ?>" class="regular-text ltr" />
$new_email = get_user_meta( $current_user->ID, '_new_email', true );
if ( $new_email && $new_email['newemail'] !== $current_user->user_email && $profile_user->ID === $current_user->ID ) :
$pending_change_message = sprintf(
/* translators: %s: New email. */
__( 'There is a pending change of your email to %s.' ),
'<code>' . esc_html( $new_email['newemail'] ) . '</code>'
$pending_change_message .= sprintf(
' <a href="%1$s">%2$s</a>',
esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ),
'additional_classes' => array( 'updated', 'inline' ),
<tr class="user-url-wrap">
<th><label for="url"><?php _e( 'Website' ); ?></label></th>
<td><input type="url" name="url" id="url" value="<?php echo esc_attr( $profile_user->user_url ); ?>" class="regular-text code" /></td>
<?php foreach ( wp_get_user_contact_methods( $profile_user ) as $name => $desc ) : ?>
<tr class="user-<?php echo $name; ?>-wrap">
<label for="<?php echo $name; ?>">
* Filters a user contactmethod label.
* The dynamic portion of the hook name, `$name`, refers to
* each of the keys in the contact methods array.
* @param string $desc The translatable label for the contact method.
echo apply_filters( "user_{$name}_label", $desc );
<input type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr( $profile_user->$name ); ?>" class="regular-text" />
<h2><?php IS_PROFILE_PAGE ? _e( 'About Yourself' ) : _e( 'About the user' ); ?></h2>
<table class="form-table" role="presentation">
<tr class="user-description-wrap">
<th><label for="description"><?php _e( 'Biographical Info' ); ?></label></th>
<td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profile_user->description; // textarea_escaped ?></textarea>
<p class="description"><?php _e( 'Share a little biographical information to fill out your profile. This may be shown publicly.' ); ?></p></td>
<?php if ( get_option( 'show_avatars' ) ) : ?>
<tr class="user-profile-picture">
<th><?php _e( 'Profile Picture' ); ?></th>
<?php echo get_avatar( $user_id ); ?>
/* translators: %s: Gravatar URL. */
__( '<a href="%s">You can change your profile picture on Gravatar</a>.' ),
/* translators: The localized Gravatar URL. */
__( 'https://gravatar.com/' )
* Filters the user profile picture description displayed under the Gravatar.
* @since 4.7.0 Added the `$profile_user` parameter.
* @param string $description The description that will be printed.
* @param WP_User $profile_user The current WP_User object.
echo apply_filters( 'user_profile_picture_description', $description, $profile_user );
* Filters the display of the password fields.
* @since 2.8.0 Added the `$profile_user` parameter.
* @since 4.4.0 Now evaluated only in user-edit.php.
* @param bool $show Whether to show the password fields. Default true.
* @param WP_User $profile_user User object for the current user to edit.
$show_password_fields = apply_filters( 'show_password_fields', true, $profile_user );
<?php if ( $show_password_fields ) : ?>
<h2><?php _e( 'Account Management' ); ?></h2>
<table class="form-table" role="presentation">
<tr id="password" class="user-pass1-wrap">
<th><label for="pass1"><?php _e( 'New Password' ); ?></label></th>
<input type="hidden" value=" " /><!-- #24364 workaround -->
<button type="button" class="button wp-generate-pw hide-if-no-js" aria-expanded="false"><?php _e( 'Set New Password' ); ?></button>
<div class="wp-pwd hide-if-js">
<div class="password-input-wrapper">
<input type="password" name="pass1" id="pass1" class="regular-text" value="" autocomplete="new-password" spellcheck="false" data-pw="<?php echo esc_attr( wp_generate_password( 24 ) ); ?>" aria-describedby="pass-strength-result" />
<div style="display:none" id="pass-strength-result" aria-live="polite"></div>
<button type="button" class="button wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
<span class="dashicons dashicons-hidden" aria-hidden="true"></span>
<span class="text"><?php _e( 'Hide' ); ?></span>
<button type="button" class="button wp-cancel-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Cancel password change' ); ?>">
<span class="dashicons dashicons-no" aria-hidden="true"></span>
<span class="text"><?php _e( 'Cancel' ); ?></span>
<tr class="user-pass2-wrap hide-if-js">
<th scope="row"><label for="pass2"><?php _e( 'Repeat New Password' ); ?></label></th>
<input type="password" name="pass2" id="pass2" class="regular-text" value="" autocomplete="new-password" spellcheck="false" aria-describedby="pass2-desc" />
<?php if ( IS_PROFILE_PAGE ) : ?>
<p class="description" id="pass2-desc"><?php _e( 'Type your new password again.' ); ?></p>
<p class="description" id="pass2-desc"><?php _e( 'Type the new password again.' ); ?></p>
<th><?php _e( 'Confirm Password' ); ?></th>
<input type="checkbox" name="pw_weak" class="pw-checkbox" />
<span id="pw-weak-text-label"><?php _e( 'Confirm use of weak password' ); ?></span>
<?php endif; // End Show Password Fields. ?>
<?php // Allow admins to send reset password link. ?>
<?php if ( ! IS_PROFILE_PAGE && true === wp_is_password_reset_allowed_for_user( $profile_user ) ) : ?>
<tr class="user-generate-reset-link-wrap hide-if-no-js">
<th><?php _e( 'Password Reset' ); ?></th>
<div class="generate-reset-link">
<button type="button" class="button button-secondary" id="generate-reset-link">
<?php _e( 'Send Reset Link' ); ?>
/* translators: %s: User's display name. */
__( 'Send %s a link to reset their password. This will not change their password, nor will it force a change.' ),
esc_html( $profile_user->display_name )
<?php if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
<tr class="user-sessions-wrap hide-if-no-js">
<th><?php _e( 'Sessions' ); ?></th>
<td aria-live="assertive">
<div class="destroy-sessions"><button type="button" disabled class="button"><?php _e( 'Log Out Everywhere Else' ); ?></button></div>
<?php _e( 'You are only logged in at this location.' ); ?>
<?php elseif ( IS_PROFILE_PAGE && count( $sessions->get_all() ) > 1 ) : ?>
<tr class="user-sessions-wrap hide-if-no-js">
<th><?php _e( 'Sessions' ); ?></th>
<td aria-live="assertive">
<div class="destroy-sessions"><button type="button" class="button" id="destroy-sessions"><?php _e( 'Log Out Everywhere Else' ); ?></button></div>
<?php _e( 'Did you lose your phone or leave your account logged in at a public computer? You can log out everywhere else, and stay logged in here.' ); ?>
<?php elseif ( ! IS_PROFILE_PAGE && $sessions->get_all() ) : ?>
<tr class="user-sessions-wrap hide-if-no-js">
<th><?php _e( 'Sessions' ); ?></th>
<p><button type="button" class="button" id="destroy-sessions"><?php _e( 'Log Out Everywhere' ); ?></button></p>
/* translators: %s: User's display name. */
printf( __( 'Log %s out of all locations.' ), $profile_user->display_name );
<?php if ( wp_is_application_passwords_available_for_user( $user_id ) || ! wp_is_application_passwords_supported() ) : ?>
<div class="application-passwords hide-if-no-js" id="application-passwords-section">
<h2><?php _e( 'Application Passwords' ); ?></h2>
<p><?php _e( 'Application passwords allow authentication via non-interactive systems, such as XML-RPC or the REST API, without providing your actual password. Application passwords can be easily revoked. They cannot be used for traditional logins to your website.' ); ?></p>
<?php if ( wp_is_application_passwords_available_for_user( $user_id ) ) : ?>
$blogs = get_blogs_of_user( $user_id, true );
$blogs_count = count( $blogs );
if ( $blogs_count > 1 ) :
/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
'Application passwords grant access to <a href="%1$s">the %2$s site in this installation that you have permissions on</a>.',
'Application passwords grant access to <a href="%1$s">all %2$s sites in this installation that you have permissions on</a>.',
if ( is_super_admin( $user_id ) ) {
/* translators: 1: URL to my-sites.php, 2: Number of sites the user has. */
'Application passwords grant access to <a href="%1$s">the %2$s site on the network as you have Super Admin rights</a>.',
'Application passwords grant access to <a href="%1$s">all %2$s sites on the network as you have Super Admin rights</a>.',
admin_url( 'my-sites.php' ),
number_format_i18n( $blogs_count )
<?php if ( ! wp_is_site_protected_by_basic_auth( 'front' ) ) : ?>
<div class="create-application-password form-wrap">
<label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
<input type="text" size="30" id="new_application_password_name" name="new_application_password_name" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" spellcheck="false" />
<p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
* Fires in the create Application Passwords form.
* @param WP_User $profile_user The current WP_User object.
do_action( 'wp_create_application_password_form', $profile_user );
<button type="button" name="do_new_application_password" id="do_new_application_password" class="button button-secondary"><?php _e( 'Add Application Password' ); ?></button>
__( 'Your website appears to use Basic Authentication, which is not currently compatible with Application Passwords.' ),
'additional_classes' => array( 'inline' ),
<div class="application-passwords-list-table-wrapper">
$application_passwords_list_table = _get_list_table( 'WP_Application_Passwords_List_Table', array( 'screen' => 'application-passwords-user' ) );
$application_passwords_list_table->prepare_items();
$application_passwords_list_table->display();
<?php elseif ( ! wp_is_application_passwords_supported() ) : ?>
<p><?php _e( 'The application password feature requires HTTPS, which is not enabled on this site.' ); ?></p>
/* translators: %s: Documentation URL. */
__( 'If this is a development website, you can <a href="%s">set the environment type accordingly</a> to enable application passwords.' ),
__( 'https://developer.wordpress.org/apis/wp-config-php/#wp-environment-type' )
<?php endif; // End Application Passwords. ?>
* Fires after the 'Application Passwords' section is loaded on the 'Profile' editing screen.
* The action only fires if the current user is editing their own profile.
* @param WP_User $profile_user The current WP_User object.
do_action( 'show_user_profile', $profile_user );
* Fires after the 'Application Passwords' section is loaded on 'Edit User' screen.
* The action only fires if the current user is editing another user's profile.
* @param WP_User $profile_user The current WP_User object.
do_action( 'edit_user_profile', $profile_user );
* Filters whether to display additional capabilities for the user.
* The 'Additional Capabilities' section will only be enabled if
* the number of the user's capabilities exceeds their number of
* @param bool $enable Whether to display the capabilities. Default true.
* @param WP_User $profile_user The current WP_User object.
$display_additional_caps = apply_filters( 'additional_capabilities_display', true, $profile_user );
<?php if ( count( $profile_user->caps ) > count( $profile_user->roles ) && ( true === $display_additional_caps ) ) : ?>
<h2><?php _e( 'Additional Capabilities' ); ?></h2>
<table class="form-table" role="presentation">
<tr class="user-capabilities-wrap">
<th scope="row"><?php _e( 'Capabilities' ); ?></th>
foreach ( $profile_user->caps as $cap => $value ) {
if ( ! $wp_roles->is_role( $cap ) ) {
/* translators: %s: Capability name. */
$output .= sprintf( __( 'Denied: %s' ), $cap );
<?php endif; // End Display Additional Capabilities. ?>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr( $user_id ); ?>" />
<?php submit_button( IS_PROFILE_PAGE ? __( 'Update Profile' ) : __( 'Update User' ) ); ?>
<script type="text/javascript">
if (window.location.hash == '#password') {
document.getElementById('pass1').focus();
<script type="text/javascript">
var languageSelect = $( '#locale' );
$( 'form' ).on( 'submit', function() {
* Don't show a spinner for English and installed languages,
* as there is nothing to download.
if ( ! languageSelect.find( 'option:selected' ).data( 'installed' ) ) {
$( '#submit', this ).after( '<span class="spinner language-install-spinner is-active" />' );
<?php if ( isset( $application_passwords_list_table ) ) : ?>
<script type="text/html" id="tmpl-new-application-password">
<div class="notice notice-success is-dismissible new-application-password-notice" role="alert">
<p class="application-password-display">
<label for="new-application-password-value">
/* translators: %s: Application name. */
__( 'Your new password for %s is:' ),
'<strong>{{ data.name }}</strong>'
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
