Do you want to prevent unauthorized password resets in WordPress?
If you have a personal WordPress account or allow user registration on your WordPress site, then the password reset option allows users to recover lost passwords.
However, if you constantly receive password recovery emails, it could be someone trying to break into your website with force, or someone trying to phish for a password.
Either way, it’s annoying and we’ll show you how to fix it.
How Do I Get Rid of Password Reset Changes in WordPress?
You can get rid of unauthorized password resets in WordPress by adding some extra security to your password reset form. We’ll show you how to do that in the steps below.
We’ll show you how to do this in these easy steps:
- Install WPForms
- Install the User Registration Addon
- Select Password Reset Form Template
- Add the Custom Captcha Addon
- Save and Publish Your Form
1. Install WPForms
Firstly, choose a suitable WPForms license and register your account. For the User Registration addon to work, you will need the Pro License or higher. Next, log in to your WPForms account and click the Downloads tab. Then, click the Download WPForms button to get the zip file.
Important: while on this page, copy your License Key number, as you’ll need it in the next steps.
Next, head to your WordPress site and log in. On the dashboard, click Plugins » Add New. Then, click on the Upload Plugin button. Attach the WPForms zip file you downloaded and click install now.
WordPress will now install WPForms to your site. Once it has finished, click Activate Plugin.
After installing the plugin, there will now be an option on your WordPress dashboard called WPForms. Follow WPForms » Settings and this will open the general options by default. Scroll to find License Key and enter the number you copied earlier.
Click Verify Key to activate WPForms.
2. Install the User Registration Addon
In your WordPress dashboard, click WPForms » Addons to view the options available with your license level. Next, look for the User Registration addon and click Install Addon. It will automatically activate the plugin, and now you’re ready to go.
If you’re having any issues, read our detailed instructions on installing and activating WPForms addons.
3. Select Password Reset Form Template
To stop unauthorized password resets, you’re going to need to create a form. First, go to WordPress and click WPForms » Add New.
In the search templates bar, enter User Password Reset Form. Hover over the option and then click Use Template.
4. Add the Custom Captcha Addon
We are now going to add a Custom Captcha field. The reason we’re going to do this is to protect your form by adding a further layer of security. After the Custom Captcha addon is activated, you’ll be able to go into the form builder and see the option to add a Custom Captcha field.
To create this field in your form, simply drag and drop it into the form preview panel in your form builder. The Custom Captcha field will always be required so users have to answer the questions before submitting the form.
If you’d like to edit the field, click on the field in the form preview panel to open up its Field Options. From here you can make changes to the Custom Captcha field, such as the Label, Type, and Description.
There are two main types of Custom Captchas to choose from: A math question or a customer question + answer.
Math Question Custom Captcha
The Math Captcha will randomly generate addition, subtraction, and multiplication questions in the form. When the form is published on a page, the field will display a new random math question each time the page is loaded or refreshed.
Note: If you’d like to customize the Math Captcha, you can do so using some custom code. Please see our tutorial on how to change the Math Captcha for more details.
Customer Question and Answer Captcha
The second Captcha option is a custom question and answer. To do this, in the Field Options panel, go to the Type field to select the Question and Answer option.
Next, add a question in the first field, and its answer in the second field.
You can also add or remove sets of questions and answers by clicking on the plus (+) or minus (-) buttons respectively. With multiple sets of questions and answers, the form will display one question randomly each time it is loaded in the browser.
Once you’re done configuring the Custom Captcha field, be sure to save your form. It will look something like this:
That’s it! You now have a Custom Captcha securing your form. For full customization options, see our documentation on how to install and use the Custom Captcha addon.
5. Save and Publish Your Form
Firstly, click the large orange Save button in the top right corner of your screen. You can then preview your form by clicking Preview.
Next, click the embed option which is located next to the save button. You’ll then have two options: Select Existing Page or Create New Page. As you’ll be creating this for the first time, click Create New Page.
- Create New Page option: you’ll be asked to enter a name for the page. Click the Let’s Go button to embed your form and publish your page.
- Select Existing Page option: you’ll be asked to pick which page to embed your form on from the dropdown.
And that’s it! Your brand new password reset form is live, helping you to prevent unauthorized password resets on your site.
Next, Try Customizing Your Password Protected Pages
You now have the necessary steps in place to finally eliminate unauthorized password resets in WordPress. For any further help, please take a look at how to customize a password-protected page in WordPress.
If you found this article helpful, please follow us on Facebook and Twitter for more free WordPress tutorials and guides.