One of our Wordpress websites have hundreds of users...when a new user is created, the link is sent to them that expires within a 24h period.
Now, I see that we can change that by changing the a value within the Core of Wordpress: /wp-includes/users.php
Now, would it be better to change the value directly via FTP or create a plugin?
TLDR;
Never edit core files. Go the plugin route instead.
Every time you update WordPress, all core files are replaced by the new ones so editing its code directly is never a good idea: all changes made to it will be lost. Instead, make use of the many action/filter hooks WordPress offers to alter its behavior - this is the safest way to go as upgrades won't overwrite your modifications.
In your case, the password_reset_expiration filter hook is what you're looking for.
