Need to disable the password reset option in WordPress? By default, users can reset passwords via email from the login page. While useful for most sites, you might want to turn this off for demo accounts, temporary users, or enhanced security. As WordPress experts with years of site management experience, we'll show you two effective methods to remove the password reset functionality while maintaining control.
User registration often relies on password reset for recovery. However, for specific scenarios—like client demo sites or restricted access roles—disabling it prevents unauthorized changes. Smart users might guess reset URLs, so fully removing the option ensures security without affecting admin capabilities.
Plugins offer granular control, letting you target specific user roles or individuals. This keeps reset available for trusted admins while blocking others.
Install and activate the Plainview Protect Passwords plugin. (See our step-by-step WordPress plugin installation guide for details.)
Head to Settings » Protect Passwords to configure.
Select roles or users to disable reset for, and exempt key accounts like yours if needed. Click Save Changes.
Test by visiting your login page, clicking "Lost your password?", and entering a restricted user's details. You'll see an error: password reset not allowed.
For full control without plugins, create a simple custom plugin. Note: This requires FTP access and basic coding knowledge—not ideal for beginners.
Open a text editor (like Notepad++), and paste this tested code:
<?php
/**
* Plugin Name: Disable Password Reset
* Description: Blocks password reset for non-administrators.
*/
add_filter( 'allow_password_reset', 'disable_password_reset_for_non_admins', 10, 2 );
function disable_password_reset_for_non_admins( $allow, $user ) {
if ( ! empty( $user->roles ) && is_array( $user->roles ) ) {
if ( in_array( 'administrator', $user->roles ) ) {
return true;
}
}
return false;
}
add_filter( 'gettext', 'remove_lost_password_text', 20, 3 );
function remove_lost_password_text( $translation, $text, $domain ) {
if ( 'default' === $domain && 'Lost your password?' === $text ) {
return '';
}
return $translation;
}
?>Save as disable-password-reset.php.
Using an FTP client (see our FTP for WordPress guide), upload to /wp-content/plugins/.
Log in to WordPress admin, go to Plugins, and activate Disable Password Reset.
This disables reset site-wide except for admins, who can still manage passwords in the dashboard.
These methods have secured countless WordPress sites we've managed. For more, check our 13 plugins and tips to enhance your WordPress admin.
Subscribe to our YouTube channel for video tutorials. Follow us on Twitter and Facebook.