Blocking user access to change the password

by Nikolaenko Maxim · Published October 1, 2012 · Updated August 19, 2018

Blocking user access to change the password. Why is it needed? Well, for example, if you register users by invites, independently and as an option to protect the site from hacking. You can change any data, except for the password, and generate a password yourself so that it is not simple. Simple passwords are easy to guess, this is one of the simplest hacks.

So let's look at the code of the future plugin:

/*
 * Plugin Name: Password Reset Removed
 * Description: Removes the ability for non admin users to change/reset their passwords.
 * Version: 1.0
 * Author: Derek Herman
 * Author URI: https://valendesigns.com
 */
class Password_Reset_Removed
{

  function __construct() 
  {
    add_filter( 'show_password_fields', array( $this, 'disable' ) );
    add_filter( 'allow_password_reset', array( $this, 'disable' ) );
    add_filter( 'gettext',              array( $this, 'remove' ) );
  }

  function disable() 
  {
    if ( is_admin() ) {
      $userdata = wp_get_current_user();
      $user = new WP_User($userdata--->ID);
      if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )
        return true;
    }
    return false;
  }

  function remove($text) 
  {
    return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') ); 
  }
}

$pass_reset_removed = new Password_Reset_Removed();

* Plugin Name: Password Reset Removed

* Description: Removes the ability for non admin users to change/reset their passwords.

* Version: 1.0

* Author: Derek Herman

* Author URI: https://valendesigns.com

class Password_Reset_Removed

{

function __construct()

{

add_filter( 'show_password_fields', array( $this, 'disable' ) );

add_filter( 'allow_password_reset', array( $this, 'disable' ) );

add_filter( 'gettext', array( $this, 'remove' ) );

}

function disable()

{

if ( is_admin() ) {

$userdata = wp_get_current_user();

$user = new WP_User($userdata--->ID);

if ( !empty( $user->roles ) && is_array( $user->roles ) && $user->roles[0] == 'administrator' )

return true;

}

return false;

}

function remove($text)

{

return str_replace( array('Lost your password?', 'Lost your password'), '', trim($text, '?') );

}

$pass_reset_removed = new Password_Reset_Removed();

The plugin can be downloaded from github
After activating the plugin, ordinary users will completely lose the password change fields, what we needed.

The above code works fine with the plugin Force Strong Passwords WordPress. The plugin helps protect against entering simple passwords.
Good luck in developing and developing your projects.

Online tutoring services. List of courses I teach

Basic web design course;
Site layout;
General course on CMS WordPress and continuation of the course on template development;
Website development in PHP.