Remove suggested passwords from WordPress

November 24, 2020

With the world burning right now due to the COVID-19 pandemic, more and more users and schools are getting online for their work.

One thing we noticed during this time was that often users assumed that their password has already been set to this new suggested password.

That led to repeated password reset requests, transactional emails flying around, and infinite unnecessary tickets opened to our support agents.

It was clear we needed a way to remove this feature, at least for now, in order to give us time to train users about this (which sounds impossible).

So I wrote this snippet below:

add_filter( 'random_password', 'disable_suggested_password', 10, 2 );

function disable_suggested_password( $password ) {
    $action = isset( $_GET['action'] ) ? $_GET['action'] : '';
    if ( 'wp-login.php' === $GLOBALS['pagenow'] && ( 'rp' == $action  || 'resetpass' == $action ) ) {
        return '';
    return $password;

This removes the password suggestion and leaves a blank input field for users to fill in.

So, this is how you can remove this feature with one small snippet. Have you found another way to make it easier for users to understand the password reset procedure, if so, I’ll be happy if you contact me on Twitter.

© 2017 - ∞ Kostas Vrouvas. All rights and lefts reserved.