WordPress – How to disable random password for password resets

When resetting passwords in WordPress a random password is automatically generated and pre-filled in the password field.

The random password may be seen as overwhelmingly complicated for some users and most would prefer to choose their own password.

The following filter shows how to disable this feature by setting this automatically generated and pre-filled password to blank – forcing the user to choose their own password.

NOTE: This only applies to the email – reset – change password process – not the back end reset password.

With the filter enables the ‘new password’ field will look like this when the reset password page loads.

// disable random password
add_filter( 'random_password', 'itsg_disable_random_password', 10, 2 );

function itsg_disable_random_password( $password ) {
    $action = isset( $_GET['action'] ) ? $_GET['action'] : '';
    if ( 'wp-login.php' === $GLOBALS['pagenow'] && ( 'rp' == $action  || 'resetpass' == $action ) ) {
        return '';
    }
    return $password;
}

Tagged in

4 comments on “WordPress – How to disable random password for password resets

  1. I used this snippet and now i’m unable to add new users in the backend.

    When i add a user wordpress requires me to fill in a password, and after i filled in a password my users are obviously not able to login because they’re not aware of the password i filled in.

    I would like to send my new users added in the backend a link to create their own password, without the automatic generated feature. Any help on how to resolve this?

    Thanks in advance!

    1. On another end, it disables the get_password_reset_key() function that allows password reset tokens to be generated as well. It does also impact when I modify a user’s password on the backend.

Leave a Reply to Nick Cancel reply

Your email address will not be published. Required fields are marked *