Last Updated on February 19, 2025 by Sunny Staff
Just like the WordPress login page, the password reset page provides an opportunity for additional branding and marketing. Luckily you can change the look and feel of the password reset page in WordPress with just a little bit of effort and creativity, which is what this post is about. Let’s get started.
Where Is The Password Reset Page in WordPress?
If you’re brand new to WordPress, you probably haven’t encountered the password reset page yet; it is presented whenever you click on ‘Lost your password’ on the WordPress login page.
However, despite the password reset page being presented as a page, it’s not a page you’d find in the Pages dashboard. That’s because it isn’t stored as a post type in the wp_posts table.
Rather, it’s a system-generated screen, and can be accessed by adding wp-login.php?action=lostpassword to the end of your domain. For example:
https://www.yourdomain.com/wp-login.php?action=lostpassword
The user interface for the password reset page is primarily controlled by:
- wp-login.php: The core file wp-login.php dynamically generates the password reset, lost password, and login forms based on query parameters (e.g., ?action=lostpassword or ?action=rp). It uses the login_header() function to output the standard WordPress login page layout.
- login_header() and login_footer() Hooks: These are responsible for rendering the default header and footer of the WordPress login pages.
- wp_login_form() Function (if manually embedded): This function allows developers to add login-related forms (including the reset password form) into custom pages or templates.
With that said, we can easily customize the look of the password reset page using:
- Plugins (Ready-made solutions for non-developers)
- Custom CSS (Basic styling using Additional CSS or custom theme styles)
- Custom Code via functions.php or a custom plugin (Modifying templates or hooks)
- Completely Custom Pages (Redirecting the reset process to a new page)
In this post we’ll be using plugins to customize the password reset page. We’ll also look at injecting custom CSS using functions.php.
Customizing the Password Reset Page Using a Plugin
Frontend Reset Password by WP Enhanced
Active Installations: 10,000+
Frontend Reset Password makes use of a shortcode to create a password reset form on a page. Importantly, this shortcode can be added to any page which means you’re not confined to the default WordPress password reset page.
When the page is accessed, an email address or username can be supplied, and a password reset link will be sent to the user. Frontend Reset Password depends on default WordPress functionality, which reduces the potential for plugin conflicts or site errors.
Configuring the plugin is easy. Just navigate to Settings > Frontend Reset Password. Here you’ll be able to choose which page to use for the [reset_password] shortcode to display the password reset form – perfect if you’re using a page builder.
Frontend Reset Password allows you to specify a:
- Reset password page (specify the password reset page)
- Reset email sent (a page to which the user is redirected if the password reset email has been successfully sent)
- New password saved (a page to which the user is redirected if their password has been successfully changed)
- Custom login page
You can also customize the:
- Form title & text
- Button text
- Password reset emails
We used Elementor to add a bit of color to the page on our test site (hence, no menu), but left the plugin’s form intact to show you what it looks like. The form’s style can be enhanced using basic CSS.
Theme My Login by Jeff Farthing
Active Installations: 70,000+
Theme My Login is a plugin that can be used to customize the WordPress login page along with the registration and password reset pages. It comes with the following stand-out features:
- Let users log in from the frontend of your site
- Let users register from the frontend of your site
- Let users recover their password from the frontend of your site
- Allow email-only registration
- Allow your users to be logged in automatically after registration with auto-login
Importantly, Theme My Login doesn’t come with the ability to customize the login or password reset pages yourself. What it does is apply your theme’s styling to those pages, which makes it a set-and-forget plugin (as long as you keep applying updates when they are published).
We haven’t applied much in the way of styling to our test site, and it shows in the appearance of our ‘Lost Password’ form.
Please note: At the time of this writing, Theme My Login has 277 5-star reviews and 119 1-star reviews. Ordinarily, given that the numbers of 5-star and 1-star reviews are so close to each other, we would not have included the plugin in this post.
However, given that the last 1-star review was more than a year ago and the plugin was updated two months ago, it’s evident that major improvements were made to the plugin’s code. We will, however, still recommend testing out the plugin on a dev or staging site.
LoginPress by Adnan
Active Installations: 200,000+
We covered LoginPress in our previous post, Mastering WordPress: How to Create a Custom Login Page. Its main function is to help you customize your WordPress login page, but since WordPress’s password reset functionality uses the login page (wp-login.php) as a template for the Reset Password page, we can also use LoginPress to customize the Reset Password page. This is achieved by customizing the login page, which we’ve discussed in the above-mentioned post.
Customizing the Password Reset Page Using Code
Don’t want to install yet another plugin? We can customize the password reset page with some CSS. The code below is added to functions.php, and adds custom CSS for the reset password page. Let’s take a look:
/* CUSTOMIZE PASSWORD RESET */
function custom_password_reset_styles() {
    // Check if the current page is the password reset page.
    // The value is only compared against a fixed list and is never echoed.
    if (isset($_GET['action']) && in_array($_GET['action'], ['lostpassword', 'rp', 'resetpass'], true)) {
        // The whole stylesheet is one single-quoted string, so it must not contain single quotes
        echo '<style>
        /* Background color */
        body.login {
            background-color: #f4f4f4 !important;
            height: 100vh;
            display: flex !important;
            align-items: center !important;
            justify-content: center !important;
        }
        /* Centering the form */
        #login {
            width: 400px !important;
            margin: auto !important;
            padding: 20px !important;
            background: #ED4523;
            border-radius: 33px;
            box-shadow: 0px 4px 10px rgba(0, 0, 0, 0.1);
        }
        /* Customizing the WordPress logo */
        #login h1 a {
            background-image: url("http://sunnyhq.local/wp-content/uploads/2025/01/SunnyHQ-shine-logo-260x99-R.png") !important; /* Replace with your logo */
            background-size: contain !important;
            width: 250px !important;
            height: 80px !important;
        }
        /* Customizing input fields */
        .login form {
            border: none !important;
            box-shadow: none !important;
            padding: 20px !important;
            background: #ececfb !important;
            border-radius: 33px;
        }
        .login form input[type="text"],
        .login form input[type="password"],
        .login form input[type="email"] {
            width: 100%;
            padding: 10px;
            border: 1px solid #ccc;
            border-radius: 5px;
        }
        /* Customize the submit button */
        .wp-core-ui .button-primary {
            background-color: #0073aa !important;
            border-color: #005177 !important;
            color: white !important;
            padding: 10px 20px !important;
            font-size: 16px !important;
            border-radius: 5px !important;
            text-transform: uppercase;
        }
        .wp-core-ui .button-primary:hover {
            background-color: #005177 !important;
            border-color: #003b5d !important;
        }
        /* Make text links white */
        .login #nav a {
            color: #fff !important;
        }
        /* Hide the "Back to" link */
        .login #backtoblog {
            display: none;
        }
        /* Hide the WordPress login messages and errors (optional).
           This is visual only: the text stays in the page source, and
           hiding .message also hides the reset instructions shown to users. */
        .login .message,
        .login .error {
            display: none;
        }
        </style>';
    }
}
add_action('login_enqueue_scripts', 'custom_password_reset_styles');
The code above is labelled appropriately to be easy to understand. If you have basic CSS knowledge you should be able to customize most aspects of your reset password page. Here’s what ours looks like, colored to highlight the different sections of the password reset page.
Enhancing Security for the Password Reset Page
The WordPress password reset page is often a target for brute-force attacks and phishing attempts. An attacker who manages to trigger a password reset request and intercept it can gain control of an account without needing the original password.
Here are a few ways to strengthen its security. If you’re using a plugin to handle customization of your password reset page, login page, or any other page that falls under the ‘user management’ umbrella, check whether it comes with security features to help protect your WordPress website. Alternatively, consider any of the following plugins to beef up your protection:
1. Enable reCAPTCHA
One of the simplest yet most effective ways to prevent automated attacks is to add Google reCAPTCHA to the password reset page. This helps ensure that password reset requests come from real users rather than bots.
Security plugins such as Wordfence include built-in support for adding reCAPTCHA to WordPress login and reset pages. Alternatively, you can use a dedicated plugin like Advanced Google reCAPTCHA by WebFactory to apply reCAPTCHA to all login-related pages, including wp-login.php?action=lostpassword.
2. Change the Password Reset URL
Since the standard WordPress password reset page is located at wp-login.php?action=lostpassword, attackers can easily target it. Using a plugin like WP Ghost, you can change this URL to something unique, such as /custom-reset-password, reducing the risk of automated attacks.
3. Limit Password Reset Attempts
To prevent brute-force attacks, you can limit the number of password reset requests per hour. Plugins like Wordfence and All-In-One Security (AIOS) – Security & Firewall help enforce cooldown periods, preventing multiple reset attempts from the same IP within a short period.
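To show what such a cooldown does under the hood, here is an added example for functions.php (not code from Wordfence, AIOS or the original post) that throttles reset requests per IP using the core lostpassword_post hook and transients. The function name, the transient prefix, the limit of 3 requests and the one-hour window are assumptions.

```php
/* LIMIT PASSWORD RESET REQUESTS PER IP (added example) */
function example_throttle_password_resets( $errors, $user_data = false ) {
    $limit  = 3;               // Requests allowed per window (assumed value)
    $window = HOUR_IN_SECONDS; // Window length in seconds (assumed value)

    // REMOTE_ADDR is the directly connected peer. Behind a reverse proxy or
    // CDN it is the proxy's address, so every visitor would share one counter;
    // in that case take the client IP from a header your proxy sets and you trust.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        return;
    }

    // Hash the IP so the transient name has a fixed, safe length.
    $key   = 'example_reset_' . hash( 'sha256', $ip );
    $state = get_transient( $key );
    $now   = time();

    // Start a new window if there is no counter yet or the old one has ended.
    if ( ! is_array( $state ) || $state['expires'] <= $now ) {
        $state = array( 'count' => 0, 'expires' => $now + $window );
    }

    // Count every request, whether or not the username or email exists,
    // so the limit cannot be bypassed by guessing different accounts.
    $state['count']++;
    set_transient( $key, $state, max( 1, $state['expires'] - $now ) );

    if ( $state['count'] > $limit ) {
        // An error added here makes WordPress stop before sending the email.
        $errors->add(
            'too_many_resets',
            __( 'Too many password reset requests. Please try again later.' )
        );
    }
}
add_action( 'lostpassword_post', 'example_throttle_password_resets', 10, 2 );
```

Transient updates are not atomic, so a burst of parallel requests can slightly exceed the limit; the security plugins mentioned above are still the better choice for production sites.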
By implementing these security measures, you can significantly reduce the chances of unauthorized access and keep your WordPress site secure.
Troubleshooting Common Issues with the Password Reset Page
If the WordPress password reset page isn’t working as expected, here are some common issues and how to fix them:
Password Reset Emails Not Sending
One of the most frequent problems is users not receiving password reset emails. This is usually due to issues with the WordPress mail function (wp_mail) or email server configuration. Luckily it’s an easy fix, and only requires the installation of a WordPress mail sending plugin like WP Mail SMTP or Post SMTP. Keep in mind that these plugins enable sending through third-party providers like Gmail, SendGrid, or Microsoft.
Password Reset Link Not Working
If a user’s password reset link doesn’t work, it could be due to:
- An expired link (default expiry is 24 hours)
- The reset link being changed by email filters
- Issues with caching or security plugins
When a link has expired, the user should request a new link and preferably copy and paste it into their browser rather than clicking (in case the mail client truncates the link). Also ask your host or website maintenance partner to disable caching on wp-login.php?action=rp. And if you’re using Cloudflare, be sure to disable Email Obfuscation, as it sometimes modifies reset links.
Custom Styles Not Applying to the Reset Page
If you’ve added custom CSS but don’t see the changes, this could be because of caching issues (either the user’s browser or your server), conflicting style rules from plugins or themes, or because of missing CSS selectors in the page template.
Here’s what you can do to resolve the issue:
- Clear browser cache and force refresh (Ctrl + Shift + R on Windows, Cmd + Shift + R on Mac)
- If using a caching plugin, clear the cache and exclude wp-login.php from optimization
- Use !important in your CSS rules to override theme styles
Redirection Loops When Customizing the Reset Page
A redirection loop occurs when the password reset page is set to redirect to itself or an inaccessible page, causing WordPress to reload continuously. To resolve this, ensure that your custom reset page is properly linked in the login flow.
If you’ve created a custom password reset page and users get stuck in a loop, here’s what to do:
- Ensure your redirect URLs don’t point back to wp-login.php
- If using a plugin like Theme My Login, double-check the page settings under Theme My Login > General
- Temporarily disable custom redirects to see if a plugin is causing the issue
Plugin Conflicts Causing the Reset Page to Break
Some security or login customization plugins may interfere with password reset functionality. Here’s what to do:
- Deactivate all login-related plugins and reactivate them one by one to find the culprit
- If using Theme My Login, check for compatibility issues with other login plugins like LoginPress or Frontend Reset Password
By systematically troubleshooting these common issues, you can ensure that the password reset page functions smoothly for your users.
Conclusion
Customizing the WordPress password reset page allows you to improve branding, enhance user experience, and boost security. Whether you choose to use plugins for ease of implementation or custom CSS and PHP for a tailored approach, there are plenty of ways to modify the password reset page to better fit your needs. Of course, security is a must, and you’ll have to troubleshoot whenever users are having trouble. While the tips in this post can make things a little easier – nothing beats experience.