How To Remove “Lost your password?” Link From WordPress Login Page

Why Remove “Lost your password?” Link From WordPress Login Page?

Everyday hundreds of WordPress websites get hacked. I hope you are already taking precautions and backing up your WordPress website regularly. Today we will discuss how to add an extra layer to protect your WordPress site. Have you ever noticed the link “Lost your password?” in your WordPress website login page? It looks something like this.

Remove "Lost your password?" Link From WordPress Login Page

This is an option to rest your WordPress password. You would usually click on the link and enter your email address to get a reset password link for WordPress user account. Believe it or not, this is the most common method used by newbie hackers to hack your WordPress website. In the article below, I will show you two ways to remove “Lost your password?” link from WordPress login page. Note that removing the link from WordPress Login Page does NOT remove the Password Rest Form from your website.


Method 1 – Remove “Lost your password?” Link From WordPress Login Page Using A WordPress Plugin

This is the easiest and simplest method to remove the  “Lost your password?” Link From WordPress Login Page. We also recommend this method as it does not involve messing with any codes. There are many plugins which allow you to do this with an ease. But we recommend Disable Password Reset and Plainview Protect Passwords plugins. Simply head over the plugins section of your website and search and install either one of the plugins mentioned above. For demonstration purposes, we installed Plainview Protect Passwords Plugin. Once you activate, head on over to Settings > Protect Passwords to access plugin settings page.

Remove "Lost your password?" Link From WordPress Login Page

As you can see from the image above, you can choose what user roles to have their WordPress password change/reset privilege revoked. Furthermore, you can exempt individual users from corresponding roles.

Remove "Lost your password?" Link From WordPress Login Page


Method 2 – Manually Disable “Lost your password?” Link From WordPress Login Page

This method involve adding a code inside your WordPress File Directory. Copy the following code to text editor and save it as disable-password-reset.php

class Password_Reset_Removed
  function __construct() 
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );
  function disable() 
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    return false;
  function remove($text) 
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') ); 
$pass_reset_removed = new Password_Reset_Removed();

Now you must upload this file to WordPress File Directory. You can either upload the file using a FTP client or simply upload the file through File Manager in your website cPanel. Upload the file to wp-content/plugins folder.

Then login to your WordPress admin area and head over to plugins section. As you can see, the file we just uploaded is shown as a plugin. Simply click Activate and that’s it! Now check the WordPress Login page to see if our plugin has worked. This will code will disable the password reset/change capabilities from all user roles including WordPress Administrator. Administrators can change the password by vising Change Password utility inside the WordPress Admin area.


Related Articles

Leave a Reply

Your email address will not be published.