How to disable password resets in MediaWiki
By default, users can reset their passwords. They can do this from the frontend form for resetting passwords. It's configured so that the user can do that by providing the username of their account. MediaWiki sends a message to the email address associated with that account, and the message contains an automatically generated temporary password.
If you want to disable password resets, you can do this by inserting a line of code in the LocalSettings.php file of your MediaWiki. On a new line at the end of the file put the following:
$wgPasswordResetRoutes = false;
This will turn off the options for resetting passwords. When a user visits the form for resetting passwords a message will be displayed that password resets have been disabled.
The LocalSettings.php file that you have to edit to achieve this is located in the root MediaWiki folder on your MediaWiki hosting account. If, for example, MediaWiki is installed directly in the public_html directory on the account, then the path to the file in relation to that directory will be public_html/LocalSettings.php. HostKnox customers can edit files with the File manager of the Pixie control panel. Another way of doing it is to download the file on your local computer, edit it with a text editor (e.g. Notepad ++) and upload it back overwriting the old file.
When it comes to user passwords and password resets you may also find useful our other articles related to that: