How to limit the number of forgot password reset attempts in Wordpress?

I'm using the Wordpress's built-in forgot password reset form and views.

I want to limit the number of reset password email attempts. By default Wordpress allows you to send unlimited reset password emails and I want to set a limit. How can I do?

This feature is only available in the Wordfence security plugin. I don't want to use Wordfence. I searched for other plugins but could not find them. I can actually write code. You can write a suggestion.

Topic reset password php forms Wordpress

Category Web

1
answered at

You need put the attempts on user meta, then do check every time user hit reset passwords.

add_action( 'password_reset', 'my_password_reset', 10, 2 );
function my_password_reset( $user, $new_pass ) {
    $limit=5;// Set the limit here
    $attempts=(int) get_user_meta($user->ID,"reset_attempts",true);
    if($attempts>$limit){
       //Do something in here, example redirect to warning page.
       wp_redirect( "/warning" );
       exit;
    } 
    update_user_meta($user->ID,"reset_attempts",$attempts++);
}

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.