WordPress users can change their password in two different ways. Either they can visit the user profile to generate a new password or using Lost Password link on WordPress login page.
We already learned how to secure a WordPress website from being hacked. You will get a plenty of security plugins to give bullet-proof protection to your blog or website that runs on WordPress. But what will do if your email itself compromised?
Anyone can reset your WordPress password if they have access to your email account. They just need to visit your WordPress login screen and click on Lost Password button. Within seconds, they will get password reset link via email.
How can you overcome this situation? Is it possible to disable password reset in WordPress?
Yes, of course.
Install and activate Plainview Protect Passwords plugin in your WordPress site first. It is a simple plugin to prevent users from resetting password on both single and multi-site installations. You can enable or disable the setting by user roles, usernames with an option to exclude certain users from the protection.
After installation, go to Settings > Protect Passwords to configure the plugin.
The first box allows you to disable the password reset feature by user roles. If you want to remove the option based on the usernames, go to the second box. Upon Save, the selected users won’t be able to reset the password and they will get this kind of error message,
Do you want to activate the feature for all user roles and exclude certain users from it? The last box on the same page allows you to do so. Thus you can disable password reset for the entire site and exclude yourselves from the protection.
What will happen if you have activated the function and forgot the user password? There won’t be a password reset option in both your login screen and user profile. You should open the database via PHPMyAdmin or similar tool to reset the password. This is an important point that you should aware of while disabling the feature.