Completely disabling password reset/recovery

Question

I have a WordPress multisite. One of the sites has two users: me and the enduser.
There are multiple password reset attempts for the enduser, not initiated by him.

I block the IP in the firewall of the hosting server, but the attempts keep coming from different IP’s.

Every time this happens the endusers gets en e-mail, and he’s concerned about security.

So, I want to completely disable password recovery. Googling this returns a lot of howto’s, but for some reason, none of them work on my system.

What I tried:

  • Installing (and activating network-wide) the plugin Disable Password Reset by H3llas. Result: nothing changed. Password reset still works.

  • Installing Plainview Protect Passwords, blocking password reset for all users. Result: nothing changed. Password reset still works.

  • Editing functions.php of the child-theme of the site of the end user with below code:

    function disable_password_reset() {
    return false;
    }
    add_filter ( ‘allow_password_reset’, ‘disable_password_reset’ );

    function remove_lostpassword_text ( $text ) {
    if ($text == ‘Lost your password?’){$text = ”;}
    return $text;
    }
    add_filter( ‘gettext’, ‘remove_lostpassword_text’ );

    Result: nothing changed. Password reset still works.

  • Editing functions.php with above code for the child-theme of the main site. Result: nothing changed. Password reset still works.

After each step I cleared the cache of WP Super Cache and my browser.

Any idea why non of these seem to work on my site?

0
Coder14 4 months 0 Answers 24 views 0

Leave an answer