Prevent unauthorized passwords in WordPress

How to Prevent Unauthorized Password Resets in WordPress

Editorial Note: We may earn a commission when you visit links on our website.

Do you want to prevent unauthorized password resets in WordPress?

If you have a personal WordPress account or allow user registration on your WordPress site, then the password reset option allows users to recover lost passwords.

However, if you constantly receive password recovery emails, it could be someone trying to break into your website with force, or someone trying to phish for a password.

Either way, it’s annoying and we’ll show you how to fix it.

How Do I Get Rid of Password Reset Changes in WordPress?

You can get rid of unauthorized password resets in WordPress by adding some extra security to your password reset form. We’ll show you how to do that in the steps below.

We’ll show you how to do this in these easy steps:

  1. Install WPForms
  2. Install the User Registration Addon
  3. Select Password Reset Form Template
  4. Add the Custom Captcha Addon
  5. Save and Publish Your Form

1. Install WPForms

Firstly, choose a suitable WPForms license and register your account. For the User Registration addon to work, you will need the Pro License or higher. Next, log in to your WPForms account and click the Downloads tab. Then, click the Download WPForms button to get the zip file.

Download WPForms button

Important: while on this page, copy your License Key number, as you’ll need it in the next steps.

Next, head to your WordPress site and log in. On the dashboard, click Plugins » Add New. Then, click on the Upload Plugin button. Attach the WPForms zip file you downloaded and click install now.

Upload plugin button on WordPress

WordPress will now install WPForms to your site. Once it has finished, click Activate Plugin.

Red arrow pointing to the 'Activate Plugin' button

After installing the plugin, there will now be an option on your WordPress dashboard called WPForms. Follow WPForms » Settings and this will open the general options by default. Scroll to find License Key and enter the number you copied earlier.

The Licence Key section on the WPForms plugin for WordPress

Click Verify Key to activate WPForms.

2. Install the User Registration Addon

In your WordPress dashboard, click WPForms » Addons to view the options available with your license level. Next, look for the User Registration addon and click Install Addon. It will automatically activate the plugin, and now you’re ready to go.

A red arrow pointing towards the install addon button

If you’re having any issues, read our detailed instructions on installing and activating WPForms addons.

3. Select Password Reset Form Template

To stop unauthorized password resets, you’re going to need to create a form. First, go to WordPress and click WPForms » Add New.

In the search templates bar, enter User Password Reset Form. Hover over the option and then click Use Template.

WPForms' Password Reset Form template

4. Add the Custom Captcha Addon

We are now going to add a Custom Captcha field. The reason we’re going to do this is to protect your form by adding a further layer of security. After the Custom Captcha addon is activated, you’ll be able to go into the form builder and see the option to add a Custom Captcha field.

A large red arrow pointing towards the custom captcha field

To create this field in your form, simply drag and drop it into the form preview panel in your form builder. The Custom Captcha field will always be required so users have to answer the questions before submitting the form.

If you’d like to edit the field, click on the field in the form preview panel to open up its Field Options. From here you can make changes to the Custom Captcha field, such as the Label, Type, and Description.

The Custom Captcha fields in WPForms

There are two main types of Custom Captchas to choose from: A math question or a customer question + answer.

Math Question Custom Captcha

The Math Captcha will randomly generate addition, subtraction, and multiplication questions in the form. When the form is published on a page, the field will display a new random math question each time the page is loaded or refreshed.

A custom maths question in a form field

Note: If you’d like to customize the Math Captcha, you can do so using some custom code. Please see our tutorial on how to change the Math Captcha for more details.

Customer Question and Answer Captcha

The second Captcha option is a custom question and answer. To do this, in the Field Options panel, go to the Type field to select the Question and Answer option.

A red arrow pointing towards the Question and Answer field

Next, add a question in the first field, and its answer in the second field.

The custom captcha field in WPForms

You can also add or remove sets of questions and answers by clicking on the plus (+) or minus (-) buttons respectively. With multiple sets of questions and answers, the form will display one question randomly each time it is loaded in the browser.

Once you’re done configuring the Custom Captcha field, be sure to save your form. It will look something like this:

Form preview of the new custom captcha question/answer

That’s it! You now have a Custom Captcha securing your form. For full customization options, see our documentation on how to install and use the Custom Captcha addon.

5. Save and Publish Your Form

Firstly, click the large orange Save button in the top right corner of your screen. You can then preview your form by clicking Preview.

Red arrow pointing towards the orange save form button

Next, click the embed option which is located next to the save button. You’ll then have two options: Select Existing Page or Create New Page. As you’ll be creating this for the first time, click Create New Page.

Embed in new page

  • Create New Page option: you’ll be asked to enter a name for the page. Click the Let’s Go button to embed your form and publish your page.
  • Select Existing Page option: you’ll be asked to pick which page to embed your form on from the dropdown.

WPForms' Let's Go button

And that’s it! Your brand new password reset form is live, helping you to prevent unauthorized password resets on your site.

Next, Try Customizing Your Password Protected Pages

You now have the necessary steps in place to finally eliminate unauthorized password resets in WordPress. For any further help, please take a look at how to customize a password-protected page in WordPress.

If you found this article helpful, please follow us on Facebook and Twitter for more free WordPress tutorials and guides.

Using WordPress and want to get WPForms for free?

Enter the URL to your WordPress website to install.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.