Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

How to Remove the Password Reset / Change option from WordPress

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Remove the Password Reset / Change option from WordPress

By default, WordPress allows every user to change/reset their passwords. This is a great option, but in some cases you do not want to have this option available for all user levels. In this article, we will share our story on why we need this functionality, and we will also show you how to remove the ability for non-admin users to change/reset their passwords in WordPress.

One of the key issues we noticed while running a demo site for WordPress 3.2 was people kept on changing the passwords. We created a demo site, so people can play around with the new features that were coming in that specific version. We created a simple username demo with a password demo. The project was created for the good of the community, but unfortunately there were users who would just change the password making it harder for others. Now you would think that by simply removing the ability to change the password by hiding the fields would be enough. Well you are dead wrong because some people were really persistent as they would request password reset using emails. Not sure what type of sick pleasure they were getting, but this was a crucial issue for us.

We did not want to create a multi-site network just to let people play with the trunk version of WordPress. We also don’t believe that users should have to create a separate username and go through the hassle just to check out the preview of a newer version.

Well, if you are running into a similar issue or want to remove the password reset/change option from WordPress, then this is what you have to do.

Open a blank php file and name it whatever you like (example: password-reset-removed.php). Then simply paste the following codes in there:

 * Plugin Name: Password Reset Removed
 * Description: Removes the ability for non admin users to change/reset their passwords.
 * Version: 1.0
 * Author: Derek Herman
 * Author URI:
class Password_Reset_Removed

  function __construct() 
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );

  function disable() 
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    return false;

  function remove($text) 
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') ); 

$pass_reset_removed = new Password_Reset_Removed();

Now upload this file into your plugins folder. Activate the plugin and you are done. This plugin will remove the ability for non admin users to change/reset their passwords.

The plugin is written by Derek Herman (@valendesigns).

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »


  1. Chuck Smith says:

    Nice plugin does exactly what I needed. How do you change the ERROR message on an incorrect login? Noticed that the Lost link is gone but would like to add a message about emailing administrator for more information.

  2. pereztroff says:

    and how can I delete field email, I dont want users change adress email.


  3. Tommy Lu says:

    My lost password link not working. When I clicked this link its showing page not found,

    How I solve this problem.

  4. Felipe says:

    Nice plugin, but the admins won’t be able to reset they passwords if needed.
    It’ll return false on the reset page to all roles.

  5. Narendra says:

    thank you… You really helped me a lot in creating my website……………………………..

  6. Anonymous says:

    This doesn’t stop someone from putting pass1 and pass2 in the profile change POST request, which will allow them to change their password.

  7. Daniel says:

    Lovely work.

    Easy and ready to use.
    And I can confirm it works in WP 3.5.1.

    Regards and thanks a lot!

  8. dsenabulya daniel says:

    no work done. links on login screen are disabled but when i type the url to forgot password, the form is shown(http://siteurl/wp-login.php?action=lostpassword)

    • dsenabulya daniel says:

      It actually resets the password. maybe i have imported it wrongly. i put it in functions.php of theme. any one help. and also is there a plugin for hiding the reset password form? thnx

  9. Jim says:

    This was just what I was looking for, but unfortunately I can’t get it to work. I have uploaded the .php into the plugins folder, checked the permissions and the encoding. Should it show up under plugins in the dashboard or does it have to be activated using another method? I even tried uploading via the dashboard as a file and also as a zipped item. What am I missing? Using wp 3.5.1

    • Editorial Staff says:

      When you upload that file, it should show up in the plugins page. When you activate it, then it should work out of the box. There is no settings page.

  10. Sunny khan says:

    Hi Sir,

    i just want to disable password fields for non admin but i want to leave the reset password option so can you please tell me how to do that can you make changings in the codings thanks for your help !

  11. Paul says:

    I know this is a bit old now, but it still works great in WP 3.5. This helped me a lot, thanks!

  12. Larry says:

    great plug- in, but when I activate – it gives me a bunch of “headers already sent” for the pages on the site and wordpress recommends deleting the plugin

    • Editorial Staff says:

      Hey Larry, at the time of writing the article (about a year ago), the plugin worked. Due to the vary nature of this blog, it is very hard for us to keep up with all the plugin updates.

  13. Tushar Thakur says:

    How to do this in Genesis framework? any clue. Thanks

  14. Boris says:

    Great code… what should I delete to exclude admin from resetting passwords? I would like to completely remove password reset option (would like to leave admin change password on).

  15. RobGundling says:

    Clean, no hack (to base code) solution. Thanks for posting!

  16. easyP says:

    Useful and well explained as ever – appreciate your efforts.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.