WordPress – How to disable random password for password resets

When resetting passwords in WordPress a random password is automatically generated and pre-filled in the password field.

The random password may be seen as overwhelmingly complicated for some users and most would prefer to choose their own password.

The following filter shows how to disable this feature by setting this automatically generated and pre-filled password to blank – forcing the user to choose their own password.

NOTE: This only applies to the email – reset – change password process – not the back end reset password.

With the filter enables the ‘new password’ field will look like this when the reset password page loads.

// disable random password
add_filter( 'random_password', 'disable_random_password', 10, 2 );

function disable_random_password( $password ) {
    $action = isset( $_GET['action'] ) ? $_GET['action'] : '';
    if ( 'wp-login.php' === $GLOBALS['pagenow'] && ( 'rp' == $action  || 'resetpass' == $action ) ) {
        return '';
    }
    return $password;
}