“Lost Password” form allows you to reset password of any user in WordPress setup. In this an email message is sent to registered email ID to start the password reset process. At times spam emails for password reset clog inbox. Also, there is a security risk of password leak out if your email ID is hacked. You can easily avoid such issues by disabling password reset option via email method.
Prevent Password Reset is a simple and effective plugin for issue at hand. Once you install this plugin, you should see new option “Prevent password from being reset via the Lost Password form” on user profile page in WordPress dashboard.
If you check this option for specific user, then resetting of password via “Lost Password” form will not work. You can enable it for specific or all registered users. Even with this plugin, you can still change password from user profile page in WordPress dashboard. However, resetting of password from “Lost Password” form and sending email method is not allowed.