How to Prevent Unauthorized WordPress Password Resets


Do you want to prevent unauthorized WordPress password resets?

Having an easy password reset option on your WordPress website is a convenient way to recover a lost or forgotten password. This is especially true if you allow other users to register and use your site.

However, if you constantly receive password recovery emails that you didn’t request, it could indicate that someone is trying to force their way into your website. It could also be a phishing attempt.

Either way, it’s frustrating and not what you want to deal with. The good news is that it’s an easy fix, so let’s take a look.


How to Prevent Unauthorized WordPress Password Resets

If you’re receiving frequent WordPress password reset emails that you didn’t request, it can drive you crazy. To save your sanity, here’s my tried and true method for getting rid of those unwanted password resets. 3 easy steps!

1. Install WPForms and Activate the User Registration Addon

The WPForms homepage

I’m going to walk you through each part of this installation and activation process, but don’t worry. It will only take you a couple of minutes to complete this step.

The first thing you’ll need to do is select a WPForms license and register your account. Please note: this tutorial uses the User Registration addon, which requires a Pro license or higher.

Once you’ve registered your account, log in to access your WPForms account page and navigate to the Downloads tab. Click the Download WPForms button.

Download WPForms from your account page.

Important: while you’re on this page, copy your License Key number. You’ll need it in the next steps.

Next, head to your WordPress site and log in. On the dashboard, click Plugins » Add New. Then, click on the Upload Plugin button. Attach the WPForms .zip file you downloaded and install it.

Upload plugin button on WordPress

Once WordPress has finished installing your WPForms plugin, click Activate Plugin.

Red arrow pointing to the 'Activate Plugin' button

Now that the plugin is installed and activated, you should see WPForms in your left navigation sidebar. Click on WPForms » Settings and the General settings tab will open by default.

You should see the License Key settings at the top. Paste the license key that you copied from your account page. Then click Verify Key to activate WPForms.

Enter your WPForms license key in the General settings tab.

Now that WPForms is installed on your site, all you have to do is take a quick second to install the User Registration addon.

From your WordPress dashboard, click WPForms » Addons. Remember that you must have a Pro license or above for access to this addon.

Locate the User Registration addon and click the Install Addon button.

After the addon is installed, you’ll see a toggle switch that you can use to activate and deactivate it as you like.

Activate the User Registration addon.

If you’re having any issues, read our detailed instructions on installing and activating WPForms addons. You can also check out this complete guide to installing WordPress plugins.

2. Create a Password Reset Form

Everything is installed and activated, so now we’re ready to create the form that will help stop unauthorized password resets.

Don’t be intimidated by this process. It’s super easy, and we already have a template that you can use to save you time.

Let me show you what I mean.

First, from your WordPress dashboard, click WPForms » Add New.

In the search templates bar, enter User Password Reset Form. Hover over the option and then click Use Template.

Select the User Password Reset Form template.

The template will load in the form builder and you’ll see that it’s very simple. You can make any customizations you’d like, but the one that you definitely want to make is to add a custom Captcha.

Add a Custom Captcha

With WPForms, you have several options when it comes to spam prevention for your forms. I recommend using the Custom Captcha option to help prevent those unrequested password resets in WordPress.

At this point, you should be looking at your form template loaded up in the form builder from the end of the last step. With that open, scroll down through the Fancy Fields and drag or click on the Custom Captcha option to add it to your form.

Add a Custom Captcha to your WordPress form.

There are 2 types of custom Captcha questions you can add: math and question and answer.

Math Captchas

The default Custom Captcha is a math question. Click on it in the form builder to open up the field options.

Use a Custom Captcha to prevent unauthorized WordPress password resets

If you decide to keep the math problem, it will automatically generate a new question every time the page loads and could be addition, subtraction, or multiplication.

If you’d like to customize the Math Captcha, you can do that with some custom code. Please see our tutorial on how to change the Math Captcha for more details.

Question and Answer Captchas

You can also change it to a custom question and answer. This option lets you create your own questions that users must answer. Take care to keep these questions to general knowledge, with answers that are easy to spell.

Use a custom question and answer Captcha on your WordPress form.

By default, there is only one question, but you can add more. Your form will cycle through them, displaying a different one every time the page loads or refreshes.

And that’s really all there is to adding a Custom Captcha field to your form!

For full customization options, see our documentation on how to install and use the Custom Captcha addon.

3. Save and Publish Your Form

In just a short period of time, you’ve installed WPForms and created your own user password reset form to help stop unauthorized password reset requests in WordPress.

Pretty easy, right?

All that’s left to do now is save and publish your form. This part should be a piece of cake.

First, find that orange Save button in the top right corner and give that a click. You don’t want to lose your work!

Save your form in WPForms.

Once your form is saved, look just to the left of the Save button and click on the Embed button.

You have 2 options for embedding your form on your website. You can either embed it on an existing page, or you can create a new one.

If you choose an existing page, a list of the pages on your website will show up in a dropdown for you to select the page you want to use.

For our example, let’s embed this form on a new page. After you select that option, you’ll see a prompt to give your page a name. Once you name the new page, click Let’s Go! Your new page will open with the form embedded, and you can make additional updates from there.

Embed your form on a new page from WPForms.

If you aren’t ready to embed your form right now, don’t worry. There are other ways to do it later when you’re ready. We’ve got some more information on ways to embed your forms on your website, so check that out whenever you’re ready!

Frequently Asked Questions

Here are some of the most commonly asked questions we get when it comes to unauthorized WordPress password resets.

How can I tell if someone else is trying to reset my WordPress password?

If someone else is trying to reset your WordPress password, you’ll likely get emails that let you know a request was made. You can also check your website logs for login attempts. If this is the case, change your password.

By creating a password reset form with a Custom Captcha on WPForms, you’re adding an extra layer of security that will help eliminate bot attempts.
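One way to do the log check mentioned above, as an added example that is not part of the original article or of WPForms: it scans a web server access log for POST requests to WordPress's built-in `wp-login.php?action=lostpassword` endpoint and reports IP addresses that send a burst of them. The Combined Log Format, the threshold of 3 requests in 10 minutes, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} ')

def classify(method, target):
    """Return 'reset', 'login' or None for one request."""
    url = urlsplit(target)
    if method != "POST" or not url.path.endswith("/wp-login.php"):
        return None
    action = parse_qs(url.query).get("action", ["login"])[0]
    if action in ("lostpassword", "retrievepassword"):
        return "reset"
    return "login" if action == "login" else None

def find_bursts(lines, kind="reset", threshold=3, window=timedelta(minutes=10)):
    """Return {ip: peak count} for IPs reaching threshold within one window."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and classify(m["method"], m["target"]) == kind:
            seen[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    bursts = {}
    for ip, times in seen.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return bursts

# Constructed sample lines (documentation IP ranges), not from a real site.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2301 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2301 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:03:15 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2301 "-" "curl/8.0"',
    '198.51.100.20 - - [12/Mar/2024:10:05:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:05:09 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2301 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:11:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "curl/8.0"',
]
print(find_bursts(SAMPLE_LOG))
```

Passing `kind="login"` applies the same burst check to login POSTs, and the flagged addresses are candidates for the rate limits discussed later in this FAQ.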

What additional steps can I take to keep my site safe from unauthorized WordPress password resets?

Always create a strong password that’s unique to the site. A lot of web browsers or tools like 1Password will even help make suggestions for you. Change your password on a regular basis, too.

It’s also wise to turn on 2FA (2-Factor Authentication). It adds a step to your sign-in process, but it creates another layer of WordPress security in the process. For example, you might need to enter your password and then also enter an authentication code that you get by email, text message, or an authentication app.

What kind of site security should I consider for my WordPress site?

In addition to what’s already been suggested, use SSL encryption on your site to protect data. You can also implement rate limits, which will help to prevent brute-force attacks, which typically come from bots.

If other users have accounts on your site, it’s also a good idea to have some kind of user verification process.

Next, Try Customizing Your Password Protected Pages

You now have the necessary steps in place to finally eliminate unauthorized password resets in WordPress. Now read up on how to customize a password-protected page in WordPress.
