I had the same problem recently on 4 different WordPress installations: When trying to reset my password the process would stop short at the last stage (when I submit the new password) and the server would return me a “403 Forbidden” HTTP status code.
I still don’t know what’s going on, there is little information on the web about that issue. It doesn’t seem related to a plugin for example because not all installations have the same set of plugins and there is no one plugin common to all of them. It’s not a problem with the .htaccess file either because I tried without an .htaccess and it wouldn’t work anyway.
I start to suspect this is a problem either with WP 3.5.1 or with the host, both of which being the common denominator for all 4 sites.
Now, I am the admin and the webmaster on those sites, I cannot ask my clients to reset my password for me (you know, professional pride…) and I don’t really have time right now to investigate further. So what I do?
Well, one solution would be to change the password directly in the database, but this is overly complicated, you need to concatenate random strings with your password and ash them. The other solution is to use the WordPress API. So here is what I did.
I created a small PHP file, named it randomly for sake of security and put the following code inside:
# load WordPress, without theming the output
# here you set your user's id, that you can easily find in the database
# and your new password
I uploaded it to my WordPress folder and hit it with my browser. Et voilà, a fresh new password.
I will update that post if I find new information about that issue, or a definitive solution. In the mean time, if you have any idea, feel free to leave a comment.