Using WordPress ‘allow_password_reset’ PHP filter

The allow_password_reset WordPress PHP filter controls if a user is allowed to reset their password.

Usage

add_filter('allow_password_reset', 'custom_allow_password_reset', 10, 2);

function custom_allow_password_reset($allow, $user_id) {
    // your custom code here

    return $allow;
}

Parameters

  • $allow: bool – Whether to allow the password to be reset. Default is true.
  • $user_id: int – The ID of the user attempting to reset a password.

More information

See WordPress Developer Resources: allow_password_reset

Examples

Disable password reset for all users

add_filter('allow_password_reset', 'disable_password_reset');

function disable_password_reset($allow) {
    return false;
}

Disable password reset for a specific user ID

add_filter('allow_password_reset', 'disable_password_reset_for_user', 10, 2);

function disable_password_reset_for_user($allow, $user_id) {
    if ($user_id == 123) { // Replace 123 with the user ID you want to disable password reset for
        return false;
    }
    return $allow;
}

Disable password reset for a specific user role

add_filter('allow_password_reset', 'disable_password_reset_for_role', 10, 2);

function disable_password_reset_for_role($allow, $user_id) {
    $user = get_userdata($user_id);
    if (in_array('administrator', $user->roles)) { // Replace 'administrator' with the user role you want to disable password reset for
        return false;
    }
    return $allow;
}

Disable password reset for users with a specific meta value

add_filter('allow_password_reset', 'disable_password_reset_for_meta', 10, 2);

function disable_password_reset_for_meta($allow, $user_id) {
    $disable_reset = get_user_meta($user_id, 'disable_password_reset', true);
    if ($disable_reset == 'yes') {
        return false;
    }
    return $allow;
}

Send custom email notification when a user tries to reset their password

add_filter('allow_password_reset', 'custom_email_notification', 10, 2);

function custom_email_notification($allow, $user_id) {
    $user = get_userdata($user_id);
    $email = $user->user_email;
    $subject = 'Password Reset Attempt';
    $message = 'A password reset has been attempted for your account. If you did not initiate this request, please contact support.';
    wp_mail($email, $subject, $message);

    return $allow;
}