I have a Wordpress multisite. One of the sites has two users: me and the enduser. There are multiple password reset attempts for the enduser, not initiated by him.
I block the IP in the firewall of the hosting server, but the attempts keep coming from different IP's.
Every time this happens the endusers gets en e-mail, and he's concerned about security.
So, I want to completely disable password recovery. Googling this returns a lot of howto's, but for some reason, none of them work on my system.
What I tried:
Installing (and activating network-wide) the plugin Disable Password Reset by H3llas. Result: nothing changed. Password reset still works.
Installing Plainview Protect Passwords, blocking password reset for all users. Result: nothing changed. Password reset still works.
Editing functions.php of the child-theme of the site of the end user with below code:
function disable_password_reset() { return false; } add_filter ( 'allow_password_reset', 'disable_password_reset' ); function remove_lostpassword_text ( $text ) { if ($text == 'Lost your password?'){$text = '';} return $text; } add_filter( 'gettext', 'remove_lostpassword_text' );
Result: nothing changed. Password reset still works.
Editing functions.php with above code for the child-theme of the main site. Result: nothing changed. Password reset still works.
After each step I cleared the cache of WP Super Cache and my browser.
Any idea why non of these seem to work on my site?
I have a Wordpress multisite. One of the sites has two users: me and the enduser. There are multiple password reset attempts for the enduser, not initiated by him.
I block the IP in the firewall of the hosting server, but the attempts keep coming from different IP's.
Every time this happens the endusers gets en e-mail, and he's concerned about security.
So, I want to completely disable password recovery. Googling this returns a lot of howto's, but for some reason, none of them work on my system.
What I tried:
Installing (and activating network-wide) the plugin Disable Password Reset by H3llas. Result: nothing changed. Password reset still works.
Installing Plainview Protect Passwords, blocking password reset for all users. Result: nothing changed. Password reset still works.
Editing functions.php of the child-theme of the site of the end user with below code:
function disable_password_reset() { return false; } add_filter ( 'allow_password_reset', 'disable_password_reset' ); function remove_lostpassword_text ( $text ) { if ($text == 'Lost your password?'){$text = '';} return $text; } add_filter( 'gettext', 'remove_lostpassword_text' );
Result: nothing changed. Password reset still works.
Editing functions.php with above code for the child-theme of the main site. Result: nothing changed. Password reset still works.
After each step I cleared the cache of WP Super Cache and my browser.
Any idea why non of these seem to work on my site?
Share Improve this question edited Oct 8, 2020 at 8:01 Rup 4,4004 gold badges29 silver badges29 bronze badges asked Oct 2, 2020 at 7:23 Coder14Coder14 531 silver badge5 bronze badges 01 Answer
Reset to default 3 +50Since this is a multisite you'll have to put the disable password filter in a mu-plugin. Create a file in wp-content/mu-plugins with:
<?php
add_filter( 'allow_password_reset', '__return_false' );
That should completely disable password recovery. It will affect all sites, not just that one customer's: if that's not what you intended you'll have to add logic here to restrict it to that one user e.g. by name, or by checking for permissions / roles on that customer's site, or by a flag in user meta.