The allow_password_reset WordPress PHP filter controls if a user is allowed to reset their password.
Usage
add_filter('allow_password_reset', 'custom_allow_password_reset', 10, 2);
function custom_allow_password_reset($allow, $user_id) {
// your custom code here
return $allow;
}
Parameters
- $allow: bool – Whether to allow the password to be reset. Default is true.
- $user_id: int – The ID of the user attempting to reset a password.
More information
See WordPress Developer Resources: allow_password_reset
Examples
Disable password reset for all users
add_filter('allow_password_reset', 'disable_password_reset');
function disable_password_reset($allow) {
return false;
}
Disable password reset for a specific user ID
add_filter('allow_password_reset', 'disable_password_reset_for_user', 10, 2);
function disable_password_reset_for_user($allow, $user_id) {
if ($user_id == 123) { // Replace 123 with the user ID you want to disable password reset for
return false;
}
return $allow;
}
Disable password reset for a specific user role
add_filter('allow_password_reset', 'disable_password_reset_for_role', 10, 2);
function disable_password_reset_for_role($allow, $user_id) {
$user = get_userdata($user_id);
if (in_array('administrator', $user->roles)) { // Replace 'administrator' with the user role you want to disable password reset for
return false;
}
return $allow;
}
Disable password reset for users with a specific meta value
add_filter('allow_password_reset', 'disable_password_reset_for_meta', 10, 2);
function disable_password_reset_for_meta($allow, $user_id) {
$disable_reset = get_user_meta($user_id, 'disable_password_reset', true);
if ($disable_reset == 'yes') {
return false;
}
return $allow;
}
Send custom email notification when a user tries to reset their password
add_filter('allow_password_reset', 'custom_email_notification', 10, 2);
function custom_email_notification($allow, $user_id) {
$user = get_userdata($user_id);
$email = $user->user_email;
$subject = 'Password Reset Attempt';
$message = 'A password reset has been attempted for your account. If you did not initiate this request, please contact support.';
wp_mail($email, $subject, $message);
return $allow;
}