wp_password_change_notification( WP_User $user )

Notifies the blog admin of a user changing password, normally via email.

Parameters

$userWP_Userrequired
User object.

More Information

  • This function is normally called when a user resets a lost password, not if the password is changed on their profile page.
  • This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Source

function wp_password_change_notification( $user ) {
	/*
	 * Send a copy of password change notification to the admin,
	 * but check to see if it's the admin whose password we're changing, and skip this.
	 */
	if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
		/* translators: %s: User name. */
		$message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
		/*
		 * The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
		 * We want to reverse this for the plain text arena of emails.
		 */
		$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );

		$wp_password_change_notification_email = array(
			'to'      => get_option( 'admin_email' ),
			/* translators: Password change notification email subject. %s: Site title. */
			'subject' => __( '[%s] Password Changed' ),
			'message' => $message,
			'headers' => '',
		);

		/**
		 * Filters the contents of the password change notification email sent to the site admin.
		 *
		 * @since 4.9.0
		 *
		 * @param array   $wp_password_change_notification_email {
		 *     Used to build wp_mail().
		 *
		 *     @type string $to      The intended recipient - site admin email address.
		 *     @type string $subject The subject of the email.
		 *     @type string $message The body of the email.
		 *     @type string $headers The headers of the email.
		 * }
		 * @param WP_User $user     User object for user whose password was changed.
		 * @param string  $blogname The site title.
		 */
		$wp_password_change_notification_email = apply_filters( 'wp_password_change_notification_email', $wp_password_change_notification_email, $user, $blogname );

		wp_mail(
			$wp_password_change_notification_email['to'],
			wp_specialchars_decode( sprintf( $wp_password_change_notification_email['subject'], $blogname ) ),
			$wp_password_change_notification_email['message'],
			$wp_password_change_notification_email['headers']
		);
	}
}

Hooks

apply_filters( ‘wp_password_change_notification_email’, array $wp_password_change_notification_email, WP_User $user, string $blogname )

Filters the contents of the password change notification email sent to the site admin.

Changelog

VersionDescription
2.7.0Introduced.

User Contributed Notes

  1. Skip to note 4 content

    The function is hooked to the 'after_password_reset' action, so I think a simpler way to disable it would be just:

    remove_action( 'after_password_reset', 'wp_password_change_notification' );
  2. Skip to note 5 content

    By default, WordPress sends a notification to the blog admin whenever a user changed the password.
    To disable this just add below code to your theme or plugin.

    if ( ! function_exists( 'wp_password_change_notification' ) ) :
        function wp_password_change_notification( $user ) {
            return;
        }
    endif;
  3. Skip to note 6 content

    Alternative method to prevent these emails being sent, put the following code in your functions.php file of your theme or plugin:

    // disable the email notification to admin when user changes password
    add_filter( 'wp_password_change_notification_email', 'wpdocs_stop_email' );
    function wpdocs_stop_email( $email ) {
    	$email['to'] = ''; //empty the TO: part, will fail to send
    	return $email;
    }

    (I found rsm0128’s suggestion did not work for me in WordPress 6.0)

You must log in before being able to contribute a note or feedback.