Disable Password Reset In WordPress

If you run WordPress and are tired of having script kiddies clicking the “forgot password” link and getting emails, just disable it by editing your .htaccess file. If you’re running your own instance you don’t need it anyway.

<IfModule mod_rewrite.c>
RewriteEngine On

#...

RewriteCond %{QUERY_STRING} action=lostpassword
RewriteRule (.*) $1? [R=permanent]
</IfModule>