I’ve shut down password resets for all users.
I now need to prevent /wp-login.php?action=lostpassword from doing anything should anyone manually input the URL into their browser.
i.e. I don’t want the password reset form to show.
Can I disable the action that’s being passed by the URL or can I redirect /wp-login.php?action=lostpassword to /wp-login.php?
Hi Please try to use this in your functions.php it will redirect user to login form when user try to access lost password page:
add_action('init','possibly_redirect');
function possibly_redirect(){
if (isset( $_GET['action'] )){
if ( in_array( $_GET['action'], array('lostpassword', 'retrievepassword') ) ) {
wp_redirect( '/wp-login.php' ); exit;
}
}
}
Or Please follow below approach used from this answer answered here with some details based on comments of @Clarus Dignus
function disable_lost_password() {
if (isset( $_GET['action'] )){
if ( in_array( $_GET['action'], array('lostpassword', 'retrievepassword') ) ) {
wp_redirect( wp_login_url(), 301 );
exit;
}
}
}
add_action( "login_init", "disable_lost_password" );