Everyone can forget a password for their email, social networks or even their own website login. Modern technologies have allowed us to retrieve those passwords by different methods and this feature might save your life sometimes. It happens to everyone, don’t worry.
While you can easily get your WordPress password back by accessing the “Lost Password” page, the same page can be used by hackers to get access to your protected websites. Whether you have created your site for fun or it helps you make money online, you should do everything in your power to make it more secure.
If you have a lot of registered users, you may want to restrict them from accessing the Lost Password page and take everything in your hands. In this article, we’re about to show you an easy way of disabling the feature directly from your functions.php template file.
If you do this, every user, except admins, will get an error message with a short explanation that the feature has been removed. Of course, even if you remove the feature, you can still change passwords for your users from the admin panel or directly from the database if needed. Or, you can use one of the plugins which will control the passwords for your users instead.
Remove the Lost Password feature:
- Navigate to your functions.php file
- Copy and paste the following code:
- Save changes.
add_filter( 'allow_password_reset', 'disable_reset_lost_password');
Now you can log out from your administrator account and see if the changes have taken effect. If you go to http://yoursite.com/wp-login.php?action=lostpassword or simply click the “Lost your password?” link under the login form and type in the email address of any non-admin users who is registered to your site, an error message saying that password reset is not allowed for that user will appear.
That’s all, folks. Also, you might be interested in removing the option for users to change the password from their profile menu.
If you want to completely secure your login page, check out what Login Ninja can do for you.