close
removepassreset

WordPress allows users to reset / change password by providing their email address but sometimes you may want to disable this option for security purposes. Read the article below as this process is explained in detail.

Why Remove Password Reset/Change Option From WordPress

If you have allowed user registration on your site then password reset option allows users to recover lost password. You wouldn’t change that normally.

However, in some usage scenarios you may want to remove this option for specific users or user roles on your WordPress site.

For example, if you have created a temporary account for someone or if you have created a demo site where users can login with a demo username and password.

The easier solution will be to just remove the password reset link. But some savvy users may already know the URL to access the password reset form.

Method 1: Disable Password Reset/Change Option Using Plugin

The plugin method is easier and more effective, it allows you to disable password reset option for specific user roles or even individual users.

This way you can still control and provide password reset feature for some trusted users or user roles.

First thing you need to do is install and activate the Plainview Protect Passwords plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Settings » Protect Passwords page to configure the plugin settings.

protect-password-settings

Just select the user roles or individual users to disable their password change or reset option.

There is also an option to exempt individual users. This option is useful if you want to disable password reset option for all users except yourself.

Click save changes to apply your changes.

You can see the plugin in action by visiting the WordPress login page and clicking on ‘Lost your password?’ link. It will take you to the password reset page where you can try entering the username or email address for a user who does not have password reset option.

You will see an error indicating that password reset is not allowed for this user.

disabledpasswordreset

Method 2: Manually Disable Password Reset Option From WordPress

This method requires you to add code to your WordPress files and hence not recommended for amateur users.

First thing you need to do is open a blank text file using a text editor like Notepad. Paste the following code inside this file.

01<?php

 

02/*

 

03 * Plugin Name: Disable Password Reset

 

04 * Description: Disable password reset functionality. Only users with administrator role will be able to change passwords from inside admin area.

 

05 * Version: 1.0

 

06 * Author: WPBeginner

 

07 * Author URI: http://wpbeginner.com

 

08 */

 

09 

 

10class Password_Reset_Removed

 

11{

 

12 

 

13  function __construct()

 

14  {

 

15    add_filter( ‘show_password_fields’, array( $this, ‘disable’) );

 

16    add_filter( ‘allow_password_reset’, array( $this, ‘disable’) );

 

17    add_filter( ‘gettext’,              array( $this, ‘remove’) );

 

18  }

 

19 

 

20  function disable()

 

21  {

 

22    if ( is_admin() ) {

 

23      $userdata = wp_get_current_user();

 

24      $user = new WP_User($userdata->ID);

 

25      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == ‘administrator’ )

 

26        return true;

 

27    }

 

28    return false;

 

29  }

 

30 

 

31  function remove($text)

 

32  {

 

33    return str_replace( array(‘Lost your password?’, ‘Lost your password’), ”, trim($text, ‘?’) );

 

34  }

 

35}

 

36 

 

37$pass_reset_removed = new Password_Reset_Removed();

 

38?>

 

Save this as disable-password-reset.php on desktop.

Now you need to upload this file to your WordPress site. You will need an FTP client to do that. See our guide on how to use FTP to upload WordPress files.

Connect to your website using the FTP client and then go to the plugins folder. The plugin’s folder is located inside /wp-content/ directory.

ftpplugindir

Upload disable-password-reset.php file from your computer to the plugins folder on your WordPress site.

Now you need to login to your WordPress admin area and visit the plugins page. You will notice a new plugin titled ‘Disable Password Reset’ in your list of installed plugins. Click on the activate link below the plugin.

activateplugin (1)

 

Now activating the plugin will disable the password reset option for all users including administrators. Administrators will be able to change passwords from the admin area, but they will not be able to reset password from the login screen.

 

 

 

Tags : wordpressWordPress how to
Nooruddin Ahmed

The author Nooruddin Ahmed

An avid football fan. Lives for the weekend game.Aviation enthusiast. Believes in letting bygones be bygones.

Leave a Response