What is the .well-known folder on website?

The .well-known folder in URLs serves as a standardized location for hosting well-known resources or files that carry specific information about a website. Its purpose is to provide a consistent and predictable location for web applications, allowing for the discovery of certain files or configurations. The concept of the ".well-known" folder was introduced by the Internet Engineering Task Force (IETF) to streamline the management of common web resources and promote interoperability.

What is a .well-known/change-password URL?

The .well-known/change-password URL serves as a standardized endpoint for password changes on websites. Bascially, when a users navigates to the URL /.well-known/change-password, it should be expected that the request is redirected to the page where the user can update their password.

Why should website implement this feature?

Configuring a .well-known/change-password URL provides several benefits:

  • Standardized Approach: it allows for a consistent password change process across different platforms.
  • Improved Security: it enhances security by providing a designated and recognizable URL for password changes, reducing the risk of phishing attacks.
  • User-Friendly: It simplifies the password change process, offering a clear and easily accessible URL for users to manage their passwords. Imagine a user going through the process of updating their passwords on hundreds of websites - the time lost to locate each password change page can be massive!
  • Interoperability: Fosters interoperability among web services and applications, contributing to a cohesive web ecosystem.

Is this feature for my website?

If your website contains a private area where users can manage their password then yes, it is likely that your website should support the .well-known/change-password URL.

Who uses such .well-known/change-password URLs?

Major websites already implement .well-known/change-password URLs:


Enhance the security of password change processes with a ".well-known/change-password" URL
Enhance the security of password change processes with a ".well-known/change-password" URL

How to install this recipe on my website with redirection.io?

Installing this recipe on your website requires the following steps:

In order to install the ".well-known/change-password redirection.io recipe", you need to:

  1. Navigate to the change password pageOn your website, locate the users account page where they can change their password. Of course, accessing this page requires users to authenticate first
  2. copy the complete URL of the change password pageCopy the complete URL of this page
  3. Paste this URL in the "Change password page URL" field below
  4. Click on "Install on My Website": Execute the installation process by clicking the "Install on My Website" button. This action will create the associated redirection.io rules in draft mode.
  5. Review and Publish Rules: Review the rules created by the recipe, ensuring that the correct redirection rule is created. Once satisfied, publish the rules to activate .well-known/change-password URL support on your website.