Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

How to Remove the Password Reset / Change option from WordPress

Last updated on by
Elegant Themes
How to Remove the Password Reset / Change option from WordPress

By default, WordPress allows every user to change/reset their passwords. This is a great option, but in some cases you do not want to have this option available for all user levels. In this article, we will share our story on why we need this functionality, and we will also show you how to remove the ability for non-admin users to change/reset their passwords in WordPress.

One of the key issues we noticed while running a demo site for WordPress 3.2 was people kept on changing the passwords. We created a demo site, so people can play around with the new features that were coming in that specific version. We created a simple username demo with a password demo. The project was created for the good of the community, but unfortunately there were users who would just change the password making it harder for others. Now you would think that by simply removing the ability to change the password by hiding the fields would be enough. Well you are dead wrong because some people were really persistent as they would request password reset using emails. Not sure what type of sick pleasure they were getting, but this was a crucial issue for us.

We did not want to create a multi-site network just to let people play with the trunk version of WordPress. We also don’t believe that users should have to create a separate username and go through the hassle just to check out the preview of a newer version.

Well, if you are running into a similar issue or want to remove the password reset/change option from WordPress, then this is what you have to do.

Open a blank php file and name it whatever you like (example: password-reset-removed.php). Then simply paste the following codes in there:

<?php
/*
 * Plugin Name: Password Reset Removed
 * Description: Removes the ability for non admin users to change/reset their passwords.
 * Version: 1.0
 * Author: Derek Herman
 * Author URI: http://valendesigns.com
 */
class Password_Reset_Removed
{

  function __construct() 
  {
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );
  }

  function disable() 
  {
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    }
    return false;
  }

  function remove($text) 
  {
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') ); 
  }
}

$pass_reset_removed = new Password_Reset_Removed();
?>

Now upload this file into your plugins folder. Activate the plugin and you are done. This plugin will remove the ability for non admin users to change/reset their passwords.

The plugin is written by Derek Herman (@valendesigns).


Editorial Staff at WPBeginner is a team of WordPress lovers led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »
  • Narendra

    thank you… You really helped me a lot in creating my website……………………………..

  • Anonymous

    This doesn’t stop someone from putting pass1 and pass2 in the profile change POST request, which will allow them to change their password.

  • Daniel

    Lovely work.

    Easy and ready to use.
    And I can confirm it works in WP 3.5.1.

    Regards and thanks a lot!

  • dsenabulya daniel

    no work done. links on login screen are disabled but when i type the url to forgot password, the form is shown(http://siteurl/wp-login.php?action=lostpassword)

    • dsenabulya daniel

      It actually resets the password. maybe i have imported it wrongly. i put it in functions.php of theme. any one help. and also is there a plugin for hiding the reset password form? thnx

  • Jim

    This was just what I was looking for, but unfortunately I can’t get it to work. I have uploaded the .php into the plugins folder, checked the permissions and the encoding. Should it show up under plugins in the dashboard or does it have to be activated using another method? I even tried uploading via the dashboard as a file and also as a zipped item. What am I missing? Using wp 3.5.1

    • http://www.wpbeginner.com Editorial Staff

      When you upload that file, it should show up in the plugins page. When you activate it, then it should work out of the box. There is no settings page.

  • Sunny khan

    Hi Sir,

    i just want to disable password fields for non admin but i want to leave the reset password option so can you please tell me how to do that can you make changings in the codings thanks for your help !

  • Paul

    I know this is a bit old now, but it still works great in WP 3.5. This helped me a lot, thanks!

  • Larry

    great plug- in, but when I activate – it gives me a bunch of “headers already sent” for the pages on the site and wordpress recommends deleting the plugin

    • http://www.wpbeginner.com Editorial Staff

      Hey Larry, at the time of writing the article (about a year ago), the plugin worked. Due to the vary nature of this blog, it is very hard for us to keep up with all the plugin updates.

  • Tushar Thakur

    How to do this in Genesis framework? any clue. Thanks

    • http://www.wpbeginner.com Editorial Staff

      This is a plugin. It has nothing to do with a theme framework.

  • Boris

    Great code… what should I delete to exclude admin from resetting passwords? I would like to completely remove password reset option (would like to leave admin change password on).

    • http://www.wpbeginner.com Editorial Staff

      No need to make any changes. The code will work exactly how you want it to.

  • RobGundling

    Clean, no hack (to base code) solution. Thanks for posting!

  • http://easypublicspeaking.co.uk/ easyP

    Useful and well explained as ever – appreciate your efforts.