Do you want to learn how to disable the lost/changed password email in WordPress?
By default, WordPress automatically sends an email to WordPress admins when any other user resets their password using the lost password link. These emails can quickly become annoying if your site has lots of users.
In this article, we will show you how to disable the lost/changed password admin notifications in WordPress.
Why Disable the Lost/Changed Password Emails in WordPress?
By default, WordPress makes it easy for users to reset their passwords. They can simply head over to the WordPress login screen and click on the ‘Lost your password?’ link.
Every time a user resets their password, WordPress will send your site admin an email.
These messages can help you spot suspicious activity, including hackers who may break into a user’s account by changing their password.
However, these lost/changed password emails can become annoying if you allow user registration on your WordPress website. This is especially true if you run a membership site or a store that has lots of registered customers.
With that being said, let’s take a look at how to disable the lost/changed password emails in WordPress. Simply use the quick links below to jump straight to the method you want to use:
Method 1: Disable Lost/Changed Password Emails in WordPress (No Code Method)
This method is recommended for all beginners since it doesn’t require you to touch any code.
The easiest way to disable the lost/changed password emails in WordPress is by using the WP Mail SMTP Pro plugin.
WP Mail SMTP is the best WordPress SMTP plugin on the market. Over 3 million website owners use WP Mail SMTP to improve their email deliverability and fix the WordPress not sending email issue.
WP Mail SMTP also lets you control which WordPress emails get sent out, so you can selectively disable the ones that you want. These include automatic update email notifications and the ‘Password Changed’ email.
Note: There is also a free WP Mail SMTP plugin that reconfigures WordPress to use a proper SMTP provider when sending emails. However, this free plugin doesn’t let you disable the ‘Password Reset’ email, so we will be using the premium plugin in this guide.
After buying the WP Mail SMTP plugin, simply click on the ‘Downloads’ tab in your WP Mail SMTP account.
You can then click on the ‘Download WP Mail SMTP’ button to download the plugin to your computer as a ZIP file.
Next, simply scroll to the ‘License key’ section. You’ll need this key to activate your plugin, so it’s a good idea to keep this page open.
Once you’ve done that, you’ll need to upload the ZIP file to your WordPress website and activate the WP Mail SMTP plugin. For more details, please see our guide on how to install a WordPress plugin.
Upon activation, go to WP Mail SMTP » Settings.
You can now either type or copy/paste your WP Mail SMTP license key into the ‘License Key’ field. Once you’ve done that, just click on the ‘Verify Key’ button.
After verifying your license key, head over to WP Mail SMTP » Settings.
You can then go ahead and click on the ‘Email Controls’ tab.
On this page, you’ll see all the emails that WordPress sends automatically.
To disable the lost/changed password email, just scroll to the ‘Change of User Email or Password’ section.
Next, find the ‘Password Reset Successfully’ slider and give it a click. This will turn the slider from ‘On’ to ‘Off.’
Now, you won’t get an email every time a user changes their password.
Method 2: Disable Lost/Changed Password Emails in WordPress (Code Method)
If you don’t want to set up an SMTP plugin, then you can disable password reset emails by adding code to your WordPress blog or website.
That’s where WPCode comes in.
This free plugin makes it easy to add custom CSS, PHP, HTML, and more to WordPress without putting your site at risk. You can simply paste the plugin’s code into WPCode’s editor and then activate and deactivate the code with the click of a button.
By using WPCode, you can also update your WordPress theme without losing customization.
To start, you’ll need to install and activate WPCode. For more information, see our step-by-step guide on how to install a WordPress plugin.
After that, go to Code Snippets » Add Snippet in the WordPress dashboard.
Here, you’ll see all the pre-made snippets you can add to your site. These include a snippet that allows you to completely disable comments, upload file types that WordPress doesn’t usually support, disable attachment pages, and much more.
Instead, hover your mouse over ‘Add Your Custom Code’ and then select ‘Use snippet’ when it appears.
To start, type in a title for the custom snippet. This could be anything that helps you identify the code in your WordPress dashboard.
Next, open the ‘Code Type’ dropdown menu and choose ‘PHP.’
After that, simply paste the following snippet into the code editor:
remove_action( 'after_password_reset', 'wp_password_change_notification' );
Below the code box, you’ll see some insertion options. There are two main options: Auto Insert and Shortcode (Default).
If it isn’t already selected, then click on ‘Auto Insert,’ WPCode will then automatically insert and execute the code across your entire online store, website, or blog.
With that done, you may want to add tags to the code snippet.
This can help organize your code snippets by topic and functionality.
When you are ready to publish the PHP snippet, scroll to the top of the screen and click on the ‘Inactive’ toggle so it changes to ‘Active.’
Finally, click on ‘Save Snippet’ to make the snippet live.
WordPress will now stop sending password reset notifications to your admin’s email address.
We hope this article helped you learn how to disable the lost/changed password emails in WordPress. You may also want to check out our ultimate WordPress security guide or see our guide on how to disable new user registration email in WordPress.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Deivid says
Tried adding this via a code snippet, as explained is possible in the article. But still getting notification emails?
WPBeginner Support says
Depending on the code snippet plugin, ensure the specific snippet is enabled as the most common reason the snippet would not be working.
Admin
Ali Jooyafar says
Thank You So much because of your useful tutorial.
a WP User From Iran. <3
WPBeginner Support says
Glad our guide was helpful
Admin
David says
Hello Good day wpbeginners, I tried using code snippet plugin, then placing the codes but I get an error saying
“The snippet has been deactivated due to an error on line 3: Cannot redeclare function wp_password_change_notification”.
Please I need a solution to this. Thanks
WPBeginner Support says
For the method in this article, you would need to add it as a custom plugin and not using an additional plugin for it to work.
Admin
Marc says
Thank you so much, so many emails and thus energy wasted nowadays, that could be saved with 3 lines of code.. thank you!!
WPBeginner Support says
Glad our guide was helpful, while not the solution for every site we’re glad this could be something useful to you
Admin
Christopher Simmons says
Thanks for this, was resetting some of my author passwords simply for security, and they started complaining why they were getting emails about it when they no longer write for my publication — doh. This would have helped there, and now it’s in place in our “extension plugin” we put all our hacks into.
THANK YOU!
ronald says
Thanks for this code it helps me and my admin.
Marie Jac says
Hi!
I am trying to remove the notification sent to the user himself when reset his password (because an email is already sent by another customer plugin). The code above seems to only remove notification to admin. Is there another code I can use?
Thank you!!
Guido says
There is an hook for that.
Simply add this line of code
remove_action( 'after_password_reset', 'wp_password_change_notification' );Fábio Tojal says
Hi there,
I am having problem! When I click on Reset Password nothing Happens! It stays in the same page!
Do you know what is happenig ?
Thanks!
Steve Barman says
The plugin generated 4 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin. – I hope this isn’t anything to worry about
WPBeginner Support says
If you continue to see this message, then please inform the plugin author.
Admin
John Dough says
Another option is to filter all emails from change password to the trash. In GMail you can setup a filter by opening the email and then somewhere along the top is a list of options. One is filter messages like these. Follow the onscreen instructions and send them to the trash.
Bajza Ferenc says
Hi,
I found better solution for solve this problem without plugin.
Backup your wp-includes/pluggable.php
Edit wp-includes/pluggable.php file
Find wp_password_change_notification part
Delete these lines from file:
if ( !function_exists(‘wp_password_change_notification’) ) :
/**
* Notify the blog admin of a user changing password, normally via email.
*
* @since 2.7.0
*
* @param object $user User Object
*/
function wp_password_change_notification(&$user) {
// send a copy of password change notification to the admin
// but check to see if it’s the admin whose password we’re changing, and skip this
if ( 0 !== strcasecmp( $user->user_email, get_option( ‘admin_email’ ) ) ) {
$message = sprintf(__(‘Password Lost and Changed for user: %s’), $user->user_login) . “\r\n”;
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option(‘blogname’), ENT_QUOTES);
wp_mail(get_option(‘admin_email’), sprintf(__(‘[%s] Password Lost/Changed’), $blogname), $message);
}
}
endif;
Save.
Enjoy.
WPBeginner Support says
We strongly advise our users, to NEVER edit core WordPress files.
Admin
Alvaro says
NEVER, NEVER, NEVER edit WordPress core files.
Any change should be done through a plugin or a child theme.
Pam Blizzard says
Exactly what I wanted to know – and I thought putting a snippet in functions.php was the best way to go, but I’m so glad you mentioned that it wouldn’t work. THANK YOU!