Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Remove the Password Reset / Change option from WordPress

Are you looking to remove the password reset option in WordPress? By default, WordPress allows users to reset/change password by providing their email address. Sometimes you may want to disable password reset option in WordPress. In this article, we will show you how to remove the password reset / change option from WordPress.

Removing password reset option from WordPress

Why Remove Password Reset/Change Option From WordPress

If you allow user registration on your WordPress site, then password reset option allows user to recover lost passwords. Normally, you wouldn’t want to change that.

However, in some usage scenarios you may want to remove this option for specific users or user roles on your WordPress site.

For example, if you have created a temporary account for someone or if you have created a demo site where users can login with a demo username and password.

The easier solution will be to just remove the password reset link. But some savvy users may already know the URL to access the password reset form.

Having said that, let’s see how you can easily remove password reset/change option from WordPress.

Method 1: Disable Password Reset/Change Option Using Plugin

The plugin method is better and easier. It allows you to disable password reset option for specific user roles or even individual users.

This way you can still control and provide password reset feature for some trusted users or user roles.

First thing you need to do is install and activate the Plainview Protect Passwords plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Settings » Protect Passwords page to configure the plugin settings.

Protect password settings

Simply select the user roles or individual users to disable their password change or reset option.

There is also an option to exempt individual users. This option is useful if you want to disable password reset option for all users except yourself.

Don’t forget to click on the save changes button to store your settings.

You can see the plugin in action by visiting the WordPress login page and clicking on ‘Lost your password?’ link. It will take you to the password reset page where you can try entering the username or email address for a user who does not have password reset option.

You will see an error indicating that password reset is not allowed for this user.

Password reset disabled for this user

Method 2: Manually Disable Password Reset Option From WordPress

This method requires you to add code to your WordPress site. It is not recommended for beginner level users.

First thing you need to do is open a blank text file using a text editor like Notepad. Paste the following code inside this file.

<?php
/*
 * Plugin Name: Disable Password Reset
 * Description: Disable password reset functionality. Only users with administrator role will be able to change passwords from inside admin area. 
 * Version: 1.0
 * Author: WPBeginner
 * Author URI: http://wpbeginner.com
 */
 
class Password_Reset_Removed
{

  function __construct() 
  {
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );
  }

  function disable() 
  {
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    }
    return false;
  }

  function remove($text) 
  {
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') ); 
  }
}

$pass_reset_removed = new Password_Reset_Removed();
?>

Save this file as disable-password-reset.php on your desktop.

Now you need to upload this file to your WordPress site. You will need an FTP client to do that. See our guide on how to use FTP to upload WordPress files.

Connect to your website using the FTP client and then go to the plugins folder. The plugin’s folder is located inside /wp-content/ directory.

Plugins folder on a WordPress site

Upload disable-password-reset.php file from your computer to the plugins folder on your WordPress site.

Now you need to login to your WordPress admin area and visit the plugins page. You will notice a new plugin titled ‘Disable Password Reset’ in your list of installed plugins. Click on the activate link below the plugin.

Activate Disable Password Reset plugin

That’s all, activating the plugin will disable password reset option for all users including administrators. Administrators will be able to change passwords from the admin area, but they will not be able to reset password from the login screen.

We hope this article helped you learn how to remove the password reset/change option from WordPress. You may also want to see our list of 13 plugins and tips to improve WordPress admin area.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

15 CommentsLeave a Reply

  1. The Script you wrote on the top Method 2: Manually Disable Password Reset Option From WordPress. Is this still good ? Does it need to be updated ?

    • The second method in our article should still work unless we hear otherwise.

      Admin

  2. Creating the plugin works perfectly, thank you.

    Hoowever the Security plugin WordFence shows a warning now:

    “The Plugin “Disable Password Reset” appears to be abandoned (updated November 10, 2016, tested to WP 4.6.12).
    Type: Plugin Abandoned”

    Is there a way to update this plugin to avoid the warning?

    TIA!

  3. I am a member of a writing organization and unfortunately, the member who was in charge of our website died suddenly. No one knows the password. We have created a new website on WordPress, but we need to take down the old one. Having two sites is causing a great deal of confusion.

    How do we bypass the password? Is there someone to contact regarding this problem?
    Thank you in advance for your assistance with this problem.
    FP

    • Hi Francine,

      If the old website is a self hosted WordPress.org website, then it is hosted by a hosting company. You can request the hosting company to take down the website. However, hosting companies usually do this only when the request is made by a deceased customer’s next of kin or someone with legal rights.

      Admin

  4. That’s still works with the recent versions of WP? Because Im just do it in 2 hosted in my local machine, and nothing happens. The plugin is installed and activated, but the “Forgot Your Password” option remains in the login form.

    Thanks :)

  5. I recently got a new computer and I need to know how disable the password to be able to get into it so I can finish setting it up?

  6. Hi Team,

    This is extremely fantastic tutorial you have shared on this amazing blog because i was thinking to try it through my dashboard but i was unable to do and when i visited on this awesome WPbeginner site and i found it.
    so in this case thanks a lot .

  7. The plugin generated 3 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
    Please help how to fixed this issue??

    • If you are using the code method, then this could mean that there is extra space after php closing tag. You can delete those extra spaces, you can also delete the PHP closing tag ?>

      Admin

      • that doesnt remove my error message

        “The plugin generated 1 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.”

Leave a Reply to Kristi Buchanan Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.