Search for answers or browse our knowledge base.
How to disable the password reset request option in WordPress
Melapress Login Security allows you to disable the password reset request function. By enabling this setting, users will not be able to request a password reset. Instead, password resets need to be done manually by an administrator.
Security tip: It is recommended to enable this feature to critical website accounts, such as admin accounts. By doing you are restricting possible attack surfaces.
The password reset request function can be disabled globally (for all user accounts) or by role (for user accounts subscribed to a particular role). To enable this option;
- Click on Login Security from the left-hand menu
- Click on Login Policies for the piano menu
- If you want to disable the password reset request option for all user accounts, click on the Site-wide policies tab. If you want to disable the password reset request option for a particular role, select the role from the second tab’s drop-down and disable the Inherit Password Policies option
- Scroll to the Disable sending of password reset links setting and check the Do not send password reset links option
You can also add a message that will be displayed to users whenever they attempt to request a password reset. You can write the message in the text field underneath Display the following message when a user requests a password reset.
Please note that when the above option is enabled, administrators are still able to send password reset links to users.