Are you looking to remove the password reset option in WordPress?
By default, WordPress allows users to reset/change passwords by providing their email addresses. Sometimes, you may want to disable the password reset option in WordPress to prevent hackers from trying to get into your site.
In this article, we will show you how to remove the password reset/change option from WordPress.
Why Remove Password Reset/Change Option From WordPress?
If you allow user registration on your WordPress site, then the password reset option allows users to recover lost passwords. Normally, you wouldn’t want to change that.
However, in some usage scenarios, you might want to remove this option for specific users or user roles on your WordPress site.
For example, you may have created a temporary account for someone or a demo site where users can log in with a demo username and password.
Also, having the password reset option gives hackers another way to attempt entry into your website. If you are particularly concerned about WordPress security, you may wish to remove the option for users to reset their own passwords.
The easier solution would be to remove the password reset link. However, some savvy users may already know the URL to use to access the password reset form.
Having said that, let’s see how you can easily remove the password reset/change option from WordPress:
Method 1: Disable Password Reset/Change Option Using LoginPress
The easiest way to disable the password reset/change option is with LoginPress. It’s a free WordPress plugin that allows you to customize the login page.
LoginPress offers a wide range of features to customize the appearance of the login page to improve the security and how the way the page looks.
Step 1: Install and Activate LoginPress
To get started, you will need to install and activate LoginPress. For more details, check out our tutorial on how to install a WordPress plugin.
Note: The free version has everything you need to disable the password reset/change option. That said, the paid version has advanced security features like the ability to customize the login URL, limit login attempts, and more.
Step 2: Customize the Settings
Next, head over to the LoginPress » Settings page from your WordPress dashboard. On the settings page, you have a ton of options to customize your login page. Many of the other tabs are paid features, but the settings options are available for free users.
One thing you probably want to turn on is the ‘Force Password Reset’ option. Once you’ve toggled that option, you’ll need to set the duration in days, after which the user will be forced to change their password again.
A good rule of thumb for WordPress security purposes is to change your password every 90 days. Also, you can choose which user roles you want to enforce this password reset rule for.
Below that, you can also set the number of minutes a user is allowed to access the backend of your WordPress site before the session expires. In addition, you can add custom password fields in the user registration form, along with other settings.
Once you’ve selected all the options you’d like to customize, hit the ‘Save Changes’ button.
Step 3: Disable Forgot Password
From here, you’ll want to head over to LoginPress » Customizer. You’ll be taken to a built-in editor where you can easily customize any aspect of your WordPress login page.
To remove the ‘Lost your password?’ message, you need to go to the Form Footer tab. You can also get there by clicking on the pencil icon next to ‘Lost your password?’ It will also take you to the Form Footer tab.
Then, you need to turn off the ‘Enable Footer Text’ option.
This will remove the ‘Register’ and ‘Lost your password?’ options from your login page.
The plugin offers plenty of other cool features.
For example, you can change the button color and text colors, add logos, and even change the background. Just click the pencil icon on whichever spot you want to change or navigate through the left side panel.
Once you are done customizing the WordPress login page, you’ll be ready to save the changes.
Simply hit the ‘Publish’ button in the top left corner to finalize the changes.
Lastly, you need to log out of your WordPress dashboard. Then, try to log in again to check that the lost password option no longer appears.
You have now successfully removed the password reset/change option from WordPress.
Method 2: Manually Disable Password Reset Option From WordPress Using WPCode
This method requires you to add code to your WordPress site.
Some tutorials will tell you to edit the files directly, but we don’t recommend this. Even the smallest error while typing code can cause WordPress errors or even make your site inaccessible.
That’s why we recommend using a code snippets plugin like WPCode instead.
This popular plugin allows you to add custom code in WordPress without editing your theme’s functions.php file, so you won’t have to worry about breaking your site.
You can use the free version of WPCode for this tutorial. However, if you upgrade to the premium version, you’ll have access to more ready-made snippets and advanced features, including a code generator, revision history, and smart conditional logic.
To get started, you’ll need to install and activate the WPCode plugin. For more information, please see our guide on how to install a WordPress plugin.
Then, you’ll need to go to Code Snippets » + Add Snippet.
Since there’s no ready-made snippet for disabling the password reset option, you’ll need to add custom code.
Hover over the ‘Add Your Custom Code’ bar and click ‘Use Snippet.’
First, you need to give your custom snippet a name.
That way, you can refer back to it later should you need to make changes to it.
Next, for the Code Type, select the ‘PHP Snippet’ option from the dropdown menu.
Then, you’ll want to copy and paste the following code into the Code Preview text editor:
<?php
/*
* Plugin Name: Disable Password Reset
* Description: Disable password reset functionality. Only users with administrator role will be able to change passwords from inside admin area.
* Version: 1.0
* Author: WPBeginner
* Author URI: http://wpbeginner.com
*/
class Password_Reset_Removed
{
function __construct()
{
add_filter( 'show_password_fields', array( $this, 'disable' ) );
add_filter( 'allow_password_reset', array( $this, 'disable' ) );
add_filter( 'gettext', array( $this, 'remove' ) );
}
function disable()
{
if ( is_admin() ) {
$userdata = wp_get_current_user();
$user = new WP_User($userdata->ID);
if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
return true;
}
return false;
}
function remove($text)
{
return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') );
}
}
$pass_reset_removed = new Password_Reset_Removed();
?>
Here is what your screen should look like:
From here, all you need to do is toggle the option from ‘Inactive’ to ‘Active’ at the top of the page.
Then, hit ‘Save Snippet’ to finalize the changes.
You are all set.
Now, you can log out of your WordPress admin area so you can check if the password reset option has been removed.
We hope this article helped you learn how to remove the password reset/change option from WordPress. You may also want to check out our ultimate guide on how to speed up WordPress performance or our list of the most common WordPress errors and how to fix them.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Syed Balkhi says
Hey WPBeginner readers,
Did you know you can win exciting prizes by commenting on WPBeginner?
Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
You can get more details about the contest from here.
Start sharing your thoughts below to stand a chance to win!
Billy says
The Script you wrote on the top Method 2: Manually Disable Password Reset Option From WordPress. Is this still good ? Does it need to be updated ?
WPBeginner Support says
The second method in our article should still work unless we hear otherwise.
Admin
CG says
Hi,
how to remove all the other Options from the user-page?
WPBeginner Support says
While we don’t have a tutorial for that at the moment, for what it sounds like you’re wanting you may want to take a look at our guide on How to Limit Dashboard Access
Admin
Rich Adams says
Creating the plugin works perfectly, thank you.
Hoowever the Security plugin WordFence shows a warning now:
“The Plugin “Disable Password Reset” appears to be abandoned (updated November 10, 2016, tested to WP 4.6.12).
Type: Plugin Abandoned”
Is there a way to update this plugin to avoid the warning?
TIA!
WPBeginner Support says
Hi Rich,
Try changing plugin name in the code.
Admin
Francine Paino says
I am a member of a writing organization and unfortunately, the member who was in charge of our website died suddenly. No one knows the password. We have created a new website on WordPress, but we need to take down the old one. Having two sites is causing a great deal of confusion.
How do we bypass the password? Is there someone to contact regarding this problem?
Thank you in advance for your assistance with this problem.
FP
WPBeginner Support says
Hi Francine,
If the old website is a self hosted WordPress.org website, then it is hosted by a hosting company. You can request the hosting company to take down the website. However, hosting companies usually do this only when the request is made by a deceased customer’s next of kin or someone with legal rights.
Admin
Imer García says
That’s still works with the recent versions of WP? Because Im just do it in 2 hosted in my local machine, and nothing happens. The plugin is installed and activated, but the “Forgot Your Password” option remains in the login form.
Thanks
Kristi Buchanan says
I recently got a new computer and I need to know how disable the password to be able to get into it so I can finish setting it up?
Lo says
Great! thank you
Priya Singh says
Hi Team,
This is extremely fantastic tutorial you have shared on this amazing blog because i was thinking to try it through my dashboard but i was unable to do and when i visited on this awesome WPbeginner site and i found it.
so in this case thanks a lot .
Saeed Khan says
The plugin generated 3 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
Please help how to fixed this issue??
WPBeginner Support says
If you are using the code method, then this could mean that there is extra space after php closing tag. You can delete those extra spaces, you can also delete the PHP closing tag ?>
Admin
Adam Edgar says
that doesnt remove my error message
“The plugin generated 1 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.”