Introduction
There are many reasons why you may want to disable the password reset functionality on your site. Some of the most common are the following:
- Harden your WordPress site’s security
- Receiving too many password reset notification emails
- Your Site has a lot of registered users
Table of Contents
Code Example
The following code can be placed at the bottom of your theme’s functions.php. Copy this code and scroll down to the next section if you are unsure of where to place the code.
/**
* Disable password reset
*/
function disable_reset_lost_password()
{
return false;
}
add_filter( 'allow_password_reset', 'disable_reset_lost_password');
functions.php Placement
You’ll want to locate the functions.php file of the theme you currently have set to active. This can be done using File Manager or FTP (File Transfer Protocol). In this walk through we’ll assume you have access to File Manager.
However, if you’re connected to your hosting account using FTP you can locate your theme’s functions.php file in the same location by navigating to:
wp-content > themes > theme directory > functions.php
After you’ve located your theme’s functions.php, right click the file and click Edit from the drop down.
Place the copied code at the very bottom as shown in the screenshot below and click the Save Changes button at the top right of your browser window.
Error Message
Now, anyone who attempts to access https://yourdomain.com/wp-login.php?action=lostpassword will receive the error Password reset is not allowed for this user.
If at anytime in the future you want to allow registered users to have the ability to trigger a password reset you’ll need to remove those lines of code from your theme’s functions.php file.
