How to Remove the Auto-Generated Password During Password Reset

Introduction

By default, WordPress automatically generates and pre-fills a strong password when users reset their password. If you prefer to leave the password field empty so users can manually enter their own password, this behavior can be changed using a custom function. This guide explains how to remove the auto-generated password during password reset.

Custom Workaround

1. Go to Appearance > Theme Editor in your WordPress admin dashboard.
   
2. Under Select theme to edit, choose your active theme (preferably a BuddyBoss Child Theme), then click Select.
   
3. From the Theme Files list, click Theme Functions (functions.php).
   
4. Paste the following code just before the closing PHP tag (?>):
   

// Remove auto-generated password
function bb_generate_password( $user, $new_pass ) {
    return '';
}
add_filter( 'random_password', 'bb_generate_password', 10, 2 );

5. Click Update File to save your changes.
   

Note: Modifications are typically considered custom work, but we are making an exception in this case. Please review the BuddyBoss Support Policy.

Troubleshooting and FAQs

Q: The password field is still auto-filled after adding the code.
A: Make sure the code was added to the active theme’s functions.php file and that no plugins or custom login workflows are overriding the password reset behavior.

Q: Will this weaken password security?
A: No. WordPress will still enforce password strength rules. Users simply won’t see a pre-generated password.

Q: Does this affect user registration passwords?
A: No. This change only affects the password reset process, not new user registrations.

Q: Can I revert this change easily?
A: Yes. Remove the code from functions.php and click Update File.

Q: Who can I contact for further assistance?
A: Please review the BuddyBoss Support Policy or consult a qualified developer for additional support.