wp_is_password_reset_allowed_for_user( int|WP_User $user ): bool|WP_Error

Checks if password reset is allowed for a specific user.

Parameters

$userint|WP_Userrequired
The user to check.

Return

bool|WP_Error True if allowed, false or WP_Error otherwise.

Source

function wp_is_password_reset_allowed_for_user( $user ) {
	if ( ! is_object( $user ) ) {
		$user = get_userdata( $user );
	}

	if ( ! $user || ! $user->exists() ) {
		return false;
	}
	$allow = true;
	if ( is_multisite() && is_user_spammy( $user ) ) {
		$allow = false;
	}

	/**
	 * Filters whether to allow a password to be reset.
	 *
	 * @since 2.7.0
	 *
	 * @param bool $allow   Whether to allow the password to be reset. Default true.
	 * @param int  $user_id The ID of the user attempting to reset a password.
	 */
	return apply_filters( 'allow_password_reset', $allow, $user->ID );
}

Hooks

apply_filters( ‘allow_password_reset’, bool $allow, int $user_id )

Filters whether to allow a password to be reset.

Changelog

VersionDescription
6.3.0Introduced.

User Contributed Notes

  1. Skip to note 2 content

    You can prevent specific user roles from reseting passwords using this filter like below

    add_filter( 'allow_password_reset', 'wpdocs_disallow_password_reset' );
    
    function wpdocs_disallow_password_reset( $allow, $user_id ) {
    	$user = get_userdata( $user_id );
    	
    	if ( in_array( 'author', (array) $user->roles ) ) {
    		return false;
    	} 
    
    	return $allow;
    }

You must log in before being able to contribute a note or feedback.