The way Wordpress handle a password reset looks like this: You submit your email adress or username via this form /wp-login.php?action=lostpassword ;
Wordpress send you a reset confirmation like that via email:
Someone has asked to reset the password for the following site and username. http://DOMAIN_NAME.TLD/wordpress
To reset your password visit the following address, otherwise just ignore this email and nothing will happen
You click on the link, and then Wordpress reset your admin password, and sends you over another email with your new credentials.
Let's see how it works: