How to Remove the Password Reset / Change option from WordPress

By default, WordPress allows every user to change or reset their own password. This is a great option, but in some cases you do not want it available to all user levels. In this article, we will share the story of why we needed this functionality, and we will show you how to remove the ability for non-admin users to change or reset their passwords in WordPress.

One of the key issues we noticed while running a demo site for WordPress 3.2 was that people kept changing the password. We created the demo site so people could play around with the new features that were coming in that specific version, and we set up a simple username, demo, with the password demo. The project was created for the good of the community, but unfortunately there were users who would just change the password, making it harder for others. Now you would think that simply hiding the password fields would be enough. Well, you are dead wrong, because some people were really persistent and would request a password reset by email. Not sure what type of sick pleasure they were getting, but this was a crucial issue for us.

We did not want to create a multi-site network just to let people play with the trunk version of WordPress. We also don’t believe that users should have to create a separate username and go through the hassle just to check out the preview of a newer version.

Well, if you are running into a similar issue or want to remove the password reset/change option from WordPress, then this is what you have to do.

Open a blank PHP file and name it whatever you like (example: password-reset-removed.php). Then simply paste the following code into it:

<?php
/*
 * Plugin Name: Password Reset Removed
 * Description: Removes the ability for non admin users to change/reset their passwords.
 * Version: 1.0
 * Author: Derek Herman
 * Author URI: http://valendesigns.com
 */
class Password_Reset_Removed
{

  public function __construct()
  {
    // Hide the password fields on the profile screen.
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    // Refuse "Lost your password?" reset requests.
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    // Blank out the "Lost your password?" link text.
    add_filter( 'gettext',              array( $this, 'remove' ) );
  }

  // Returns true only for an administrator working inside the dashboard.
  public function disable()
  {
    if ( is_admin() ) {
      $user = wp_get_current_user();
      // Check every role, not just the first array element.
      if ( !empty( $user->roles ) && is_array( $user->roles ) && in_array( 'administrator', $user->roles, true ) )
        return true;
    }
    return false;
  }

  // Strips the reset link label without touching any other translated string.
  public function remove($text)
  {
    return str_replace( array('Lost your password?', 'Lost your password'), '', $text );
  }
}

$pass_reset_removed = new Password_Reset_Removed();

Now upload this file into your plugins folder. Activate the plugin and you are done. This plugin will remove the ability for non-admin users to change/reset their passwords.

The plugin is written by Derek Herman (@valendesigns).
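The show_password_fields filter only controls whether the password fields are rendered on the profile screen, so a server-side check on the profile update itself is a useful companion to the plugin above. The following is an added example, not part of Derek Herman's plugin: the function name and error code are hypothetical, and it assumes administrators are the users who hold the manage_options capability.

```php
<?php
/*
 * Plugin Name: Password Change Guard (example)
 * Description: Added example. Rejects profile updates that carry a new
 *              password unless the current user is an administrator.
 */

// Hypothetical function name. Assumption: administrators are identified
// by the 'manage_options' capability.
function prr_example_block_password_change( $errors, $update, $user ) {
    // Only updates to existing users are of interest here.
    if ( ! $update ) {
        return;
    }

    // edit_user() sets user_pass on the pending user object only when a
    // new password was submitted with the profile form.
    if ( empty( $user->user_pass ) ) {
        return;
    }

    // Administrators keep the ability to change passwords.
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }

    // Adding an error makes edit_user() return before anything is saved.
    $errors->add(
        'password_change_disabled',
        'Password changes are disabled for this account.'
    );
}

// user_profile_update_errors passes three arguments:
// the WP_Error object, the update flag and the pending user object.
add_action( 'user_profile_update_errors', 'prr_example_block_password_change', 10, 3 );
```

Save it as its own file in the plugins folder and activate it alongside the plugin above.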


