How to Remove the Password Reset / Change Option From WordPress

Are you looking to remove the password reset option in WordPress?

By default, WordPress allows users to reset/change passwords by providing their email addresses. Sometimes, you may want to disable the password reset option in WordPress to prevent hackers from trying to get into your site.

In this article, we will show you how to remove the password reset/change option from WordPress.

Why Remove Password Reset/Change Option From WordPress?

If you allow user registration on your WordPress site, then the password reset option allows users to recover lost passwords. Normally, you wouldn’t want to change that.

However, in some usage scenarios, you might want to remove this option for specific users or user roles on your WordPress site.

For example, you may have created a temporary account for someone or a demo site where users can log in with a demo username and password.

Also, having the password reset option gives hackers another way to attempt entry into your website. If you are particularly concerned about WordPress security, you may wish to remove the option for users to reset their own passwords.

The easier solution would be to remove the password reset link. However, some savvy users may already know the URL to use to access the password reset form.

Having said that, let’s see how you can easily remove the password reset/change option from WordPress:

Method 1: Disable Password Reset/Change Option Using LoginPress

The easiest way to disable the password reset/change option is with LoginPress. It’s a free WordPress plugin that allows you to customize the login page.

LoginPress offers a wide range of features to customize the appearance of the login page to improve the security and how the way the page looks.

Step 1: Install and Activate LoginPress

To get started, you will need to install and activate LoginPress. For more details, check out our tutorial on how to install a WordPress plugin.

Step 2: Customize the Settings

Next, head over to the LoginPress » Settings page from your WordPress dashboard. On the settings page, you have a ton of options to customize your login page. Many of the other tabs are paid features, but the settings options are available for free users.

One thing you probably want to turn on is the ‘Force Password Reset’ option. Once you’ve toggled that option, you’ll need to set the duration in days, after which the user will be forced to change their password again.

A good rule of thumb for WordPress security purposes is to change your password every 90 days. Also, you can choose which user roles you want to enforce this password reset rule for.

Below that, you can also set the number of minutes a user is allowed to access the backend of your WordPress site before the session expires. In addition, you can add custom password fields in the user registration form, along with other settings.

Once you’ve selected all the options you’d like to customize, hit the ‘Save Changes’ button.

Step 3: Disable Forgot Password

From here, you’ll want to head over to LoginPress » Customizer. You’ll be taken to a built-in editor where you can easily customize any aspect of your WordPress login page.

To remove the ‘Lost your password?’ message, you need to go to the Form Footer tab. You can also get there by clicking on the pencil icon next to ‘Lost your password?’ It will also take you to the Form Footer tab.

Then, you need to turn off the ‘Enable Footer Text’ option.

This will remove the ‘Register’ and ‘Lost your password?’ options from your login page.

The plugin offers plenty of other cool features.

For example, you can change the button color and text colors, add logos, and even change the background. Just click the pencil icon on whichever spot you want to change or navigate through the left side panel.

Once you are done customizing the WordPress login page, you’ll be ready to save the changes.

Simply hit the ‘Publish’ button in the top left corner to finalize the changes.

Lastly, you need to log out of your WordPress dashboard. Then, try to log in again to check that the lost password option no longer appears.

You have now successfully removed the password reset/change option from WordPress.

Method 2: Manually Disable Password Reset Option From WordPress Using WPCode

This method requires you to add code to your WordPress site.

Some tutorials will tell you to edit the files directly, but we don’t recommend this. Even the smallest error while typing code can cause WordPress errors or even make your site inaccessible.

That’s why we recommend using a code snippets plugin like WPCode instead.

This popular plugin allows you to add custom code in WordPress without editing your theme’s functions.php file, so you won’t have to worry about breaking your site.

You can use the free version of WPCode for this tutorial. However, if you upgrade to the premium version, you’ll have access to more ready-made snippets and advanced features, including a code generator, revision history, and smart conditional logic.

To get started, you’ll need to install and activate the WPCode plugin. For more information, please see our guide on how to install a WordPress plugin.

Then, you’ll need to go to Code Snippets » + Add Snippet.

Since there’s no ready-made snippet for disabling the password reset option, you’ll need to add custom code.

Hover over the ‘Add Your Custom Code’ bar and click ‘Use Snippet.’

First, you need to give your custom snippet a name.

That way, you can refer back to it later should you need to make changes to it.

Next, for the Code Type, select the ‘PHP Snippet’ option from the dropdown menu.

Then, you’ll want to copy and paste the following code into the Code Preview text editor:

<?php
/*
 * Plugin Name: Disable Password Reset
 * Description: Disable password reset functionality. Only users with administrator role will be able to change passwords from inside admin area.
 * Version: 1.0
 * Author: WPBeginner
 * Author URI: http://wpbeginner.com
 */

class Password_Reset_Removed
{

  function __construct()
  {
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );
  }

  function disable()
  {
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    }
    return false;
  }

  function remove($text)
  {
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') );
  }
}

$pass_reset_removed = new Password_Reset_Removed();
?>

Here is what your screen should look like:

From here, all you need to do is toggle the option from ‘Inactive’ to ‘Active’ at the top of the page.

Then, hit ‘Save Snippet’ to finalize the changes.

You are all set.

Now, you can log out of your WordPress admin area so you can check if the password reset option has been removed.

We hope this article helped you learn how to remove the password reset/change option from WordPress. You may also want to check out our ultimate guide on how to speed up WordPress performance or our list of the most common WordPress errors and how to fix them.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.