Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Remove the Password Reset / Change Option From WordPress

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Are you looking to remove the password reset option in WordPress?

By default, WordPress allows users to reset/change passwords by providing their email addresses. Sometimes, you may want to disable the password reset option in WordPress to prevent hackers from trying to get into your site.

In this article, we will show you how to remove the password reset/change option from WordPress.

Remove the password reset option in WordPress

Why Remove Password Reset/Change Option From WordPress?

If you allow user registration on your WordPress site, then the password reset option allows users to recover lost passwords. Normally, you wouldn’t want to change that.

However, in some usage scenarios, you might want to remove this option for specific users or user roles on your WordPress site.

For example, you may have created a temporary account for someone or a demo site where users can log in with a demo username and password.

Also, having the password reset option gives hackers another way to attempt entry into your website. If you are particularly concerned about WordPress security, you may wish to remove the option for users to reset their own passwords.

The easier solution would be to remove the password reset link. However, some savvy users may already know the URL to use to access the password reset form.

Having said that, let’s see how you can easily remove the password reset/change option from WordPress:

Method 1: Disable Password Reset/Change Option Using LoginPress

The easiest way to disable the password reset/change option is with LoginPress. It’s a free WordPress plugin that allows you to customize the login page.


LoginPress offers a wide range of features to customize the appearance of the login page to improve the security and how the way the page looks.

Step 1: Install and Activate LoginPress

To get started, you will need to install and activate LoginPress. For more details, check out our tutorial on how to install a WordPress plugin.

Note: The free version has everything you need to disable the password reset/change option. That said, the paid version has advanced security features like the ability to customize the login URL, limit login attempts, and more.

Step 2: Customize the Settings

Next, head over to the LoginPress » Settings page from your WordPress dashboard. On the settings page, you have a ton of options to customize your login page. Many of the other tabs are paid features, but the settings options are available for free users.

One thing you probably want to turn on is the ‘Force Password Reset’ option. Once you’ve toggled that option, you’ll need to set the duration in days, after which the user will be forced to change their password again.

A good rule of thumb for WordPress security purposes is to change your password every 90 days. Also, you can choose which user roles you want to enforce this password reset rule for.

enforce password reset

Below that, you can also set the number of minutes a user is allowed to access the backend of your WordPress site before the session expires. In addition, you can add custom password fields in the user registration form, along with other settings.

Once you’ve selected all the options you’d like to customize, hit the ‘Save Changes’ button.

save changes in loginpress

Step 3: Disable Forgot Password

From here, you’ll want to head over to LoginPress » Customizer. You’ll be taken to a built-in editor where you can easily customize any aspect of your WordPress login page.

To remove the ‘Lost your password?’ message, you need to go to the Form Footer tab. You can also get there by clicking on the pencil icon next to ‘Lost your password?’ It will also take you to the Form Footer tab.

form footer in loginpress

Then, you need to turn off the ‘Enable Footer Text’ option.

This will remove the ‘Register’ and ‘Lost your password?’ options from your login page.

disable footer text

The plugin offers plenty of other cool features.

For example, you can change the button color and text colors, add logos, and even change the background. Just click the pencil icon on whichever spot you want to change or navigate through the left side panel.

login page example

Once you are done customizing the WordPress login page, you’ll be ready to save the changes.

Simply hit the ‘Publish’ button in the top left corner to finalize the changes.

publish login page

Lastly, you need to log out of your WordPress dashboard. Then, try to log in again to check that the lost password option no longer appears.

You have now successfully removed the password reset/change option from WordPress.

remove password reset example

Method 2: Manually Disable Password Reset Option From WordPress Using WPCode

This method requires you to add code to your WordPress site.

Some tutorials will tell you to edit the files directly, but we don’t recommend this. Even the smallest error while typing code can cause WordPress errors or even make your site inaccessible.

That’s why we recommend using a code snippets plugin like WPCode instead.

wpcode plugin

This popular plugin allows you to add custom code in WordPress without editing your theme’s functions.php file, so you won’t have to worry about breaking your site.

You can use the free version of WPCode for this tutorial. However, if you upgrade to the premium version, you’ll have access to more ready-made snippets and advanced features, including a code generator, revision history, and smart conditional logic.

To get started, you’ll need to install and activate the WPCode plugin. For more information, please see our guide on how to install a WordPress plugin.

Then, you’ll need to go to Code Snippets » + Add Snippet.

Since there’s no ready-made snippet for disabling the password reset option, you’ll need to add custom code.

Hover over the ‘Add Your Custom Code’ bar and click ‘Use Snippet.’

add custom code snippet

First, you need to give your custom snippet a name.

That way, you can refer back to it later should you need to make changes to it.

name custom code snippet

Next, for the Code Type, select the ‘PHP Snippet’ option from the dropdown menu.

Then, you’ll want to copy and paste the following code into the Code Preview text editor:

 * Plugin Name: Disable Password Reset
 * Description: Disable password reset functionality. Only users with administrator role will be able to change passwords from inside admin area.
 * Version: 1.0
 * Author: WPBeginner
 * Author URI:

class Password_Reset_Removed

  function __construct()
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );

  function disable()
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    return false;

  function remove($text)
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') );

$pass_reset_removed = new Password_Reset_Removed();

Here is what your screen should look like:

add remove password code snippet

From here, all you need to do is toggle the option from ‘Inactive’ to ‘Active’ at the top of the page.

Then, hit ‘Save Snippet’ to finalize the changes.

save snippet

You are all set.

Now, you can log out of your WordPress admin area so you can check if the password reset option has been removed.

remove password from wordpress login example

We hope this article helped you learn how to remove the password reset/change option from WordPress. You may also want to check out our ultimate guide on how to speed up WordPress performance or our list of the most common WordPress errors and how to fix them.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

16 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Billy says

    The Script you wrote on the top Method 2: Manually Disable Password Reset Option From WordPress. Is this still good ? Does it need to be updated ?

    • WPBeginner Support says

      The second method in our article should still work unless we hear otherwise.


  3. Rich Adams says

    Creating the plugin works perfectly, thank you.

    Hoowever the Security plugin WordFence shows a warning now:

    “The Plugin “Disable Password Reset” appears to be abandoned (updated November 10, 2016, tested to WP 4.6.12).
    Type: Plugin Abandoned”

    Is there a way to update this plugin to avoid the warning?


  4. Francine Paino says

    I am a member of a writing organization and unfortunately, the member who was in charge of our website died suddenly. No one knows the password. We have created a new website on WordPress, but we need to take down the old one. Having two sites is causing a great deal of confusion.

    How do we bypass the password? Is there someone to contact regarding this problem?
    Thank you in advance for your assistance with this problem.

    • WPBeginner Support says

      Hi Francine,

      If the old website is a self hosted website, then it is hosted by a hosting company. You can request the hosting company to take down the website. However, hosting companies usually do this only when the request is made by a deceased customer’s next of kin or someone with legal rights.


  5. Imer García says

    That’s still works with the recent versions of WP? Because Im just do it in 2 hosted in my local machine, and nothing happens. The plugin is installed and activated, but the “Forgot Your Password” option remains in the login form.

    Thanks :)

  6. Kristi Buchanan says

    I recently got a new computer and I need to know how disable the password to be able to get into it so I can finish setting it up?

  7. Priya Singh says

    Hi Team,

    This is extremely fantastic tutorial you have shared on this amazing blog because i was thinking to try it through my dashboard but i was unable to do and when i visited on this awesome WPbeginner site and i found it.
    so in this case thanks a lot .

  8. Saeed Khan says

    The plugin generated 3 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
    Please help how to fixed this issue??

    • WPBeginner Support says

      If you are using the code method, then this could mean that there is extra space after php closing tag. You can delete those extra spaces, you can also delete the PHP closing tag ?>


      • Adam Edgar says

        that doesnt remove my error message

        “The plugin generated 1 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.”

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.