diff --git a/src/main/resources/lessons/passwordreset/documentation/PasswordReset_host_header.adoc b/src/main/resources/lessons/passwordreset/documentation/PasswordReset_host_header.adoc index 7d4e951de..a940b6b17 100644 --- a/src/main/resources/lessons/passwordreset/documentation/PasswordReset_host_header.adoc +++ b/src/main/resources/lessons/passwordreset/documentation/PasswordReset_host_header.adoc 
@@ -3,17 +3,13 @@ When creating a password reset link you need to make sure: - It is a unique link with a random token -- It can only be used once +- You can use it only once - The link is only valid for a limited amount of time. -Sending a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to -block users. The link should not be usable more than once which makes it impossible to change the password again. -The time out is necessary to restrict the attack window, having a link opens up a lot of possibilities for the attacker. +Sending a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to block users. The link should not be usable more than once, which makes it impossible to change the password again. The time-out is necessary to restrict the attack window. Having a link opens up a lot of possibilities for the attacker. == Assignment -Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with -that password. Note: it is not possible to use OWASP ZAP for this lesson, also browsers might not work, command line -tools like `curl` and the like will be more successful for this attack. +Try to reset Tom's password (tom@webgoat-cloud.org) to your own choice and log in as Tom with that password. Note: it is impossible to use OWASP ZAP for this lesson. Also, browsers might not work; command line tools like `curl` and the like will be more successful for this attack. -Tom always resets his password immediately after receiving the email with the link. +Tom is quick to act when it comes to his password. He always resets it immediately after receiving the email with the link. diff --git a/src/main/resources/lessons/passwordreset/templates/password_reset.html b/src/main/resources/lessons/passwordreset/templates/password_reset.html index e7234bccb..a5c3647b7 100644 
--- a/src/main/resources/lessons/passwordreset/templates/password_reset.html +++ b/src/main/resources/lessons/passwordreset/templates/password_reset.html @@ -9,7 +9,7 @@
-
+
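Review bot: the single `-`/`+` pair for src/main/resources/lessons/passwordreset/templates/password_reset.html carries no visible content in this rendering of the diff, so the template change cannot be reviewed from this hunk and should be checked in the full patch. Since the rest of the change set is documentation wording, the template edit is the one functional change here and deserves its own sentence in the commit or PR description stating what in the reset form was altered.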
diff --git a/src/main/resources/lessons/webwolfintroduction/documentation/Landing_page.adoc b/src/main/resources/lessons/webwolfintroduction/documentation/Landing_page.adoc index a172ad841..7f4123aca 100644 --- a/src/main/resources/lessons/webwolfintroduction/documentation/Landing_page.adoc +++ b/src/main/resources/lessons/webwolfintroduction/documentation/Landing_page.adoc @@ -15,9 +15,9 @@ image::images/requests.png[caption="Figure: ", style="lesson-image"] {nbsp} {nbsp} -Suppose we tricked a user into clicking on a link he/she received in an email. This link will open up our crafted -password reset link page. The user does not notice any differences compared to the normal password reset page of the company. -The user enters a new password and hits enter. The new password will be sent to your host. In this case, the new -password will be sent to WebWolf. Try to locate the unique code. +Suppose we tricked a user into clicking on a link received in an email. This link will open up our crafted +password reset link page. The user notices no differences from the company's standard password reset page. +The user enters a new password and hits enter. Your host will receive the new password. In this case, the new +password ends up in WebWolf. Try to locate the unique code. -Please be aware that the user will receive an error page after resetting the password. In a real attack scenario the user would probably see a normal success page (this is due to a limit on what we can control with WebWolf) +Please be aware that the user will receive an error page after resetting the password. In an actual attack scenario, the user would probably see a standard success page (this is due to a limit on what we can control with WebWolf)
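Review bot: in the first hunk (PasswordReset_host_header.adoc), the rewritten assignment line `Try to reset Tom's password (tom@webgoat-cloud.org)` now attaches the email address to the word `password` instead of to Tom; keep the address next to his name, e.g. `Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice`. In the same hunk, `You can use it only once` breaks the parallel form of the other two bullets (`It is a unique link…`, `The link is only valid…`); `It can be used only once` keeps the list consistent. The acronym remains `DOS` in the rejoined paragraph; `DoS` is the conventional spelling for denial of service. Finally, the hunk collapses three wrapped lines into one long line while the Landing_page.adoc hunk in this same change keeps the wrapped style, so the two files now follow different line-length conventions; pick one.

Review bot: the Landing_page.adoc hunk mixes voice inside one paragraph: `we tricked a user` and `our crafted password reset link page` sit next to `Your host will receive the new password`; the replaced lines had the same mix, so this is the opportunity to make it `Our host will receive the new password` (or use `you`/`your` throughout). `a link received in an email` reads awkwardly after dropping `he/she`; `a link they received in an email` keeps the subject without the pronoun pair. The last sentence still ends inside the parenthesis with no period after `WebWolf)`; add the terminating period.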