• Kind of a strange question:
    I’m setting up a site where some usernames will be shared among multiple people for viewing blog entries. I want to be able to lock the password for those users so that they can’t be accidentally (or maliciously) changed and others locked out of the account. Any way to do that? It would need to be some sort of toggle in the user profile so that I could choose which users had that feature and which didn’t.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz

    (@bcworkz)

    The toggle you would use is a custom capability, except in this case it’s a negative capability like “cannot_change_password”. A field can be added to the profile page in a way that it’s only visible to admins. When set, the capability is added to the user object. It doesn’t have to be associated with a role, though that is an option as well. There’s a number of actions you can use to add the field depending on where you want the field to appear, look through wp-admin/user-edit.php.

    You can suppress the password fields on the profile page with the ‘show_password_fields’ filter. Return false if the user has that custom capability. Even with the fields suppressed, a crafty user could possibly POST a bogus form that could change the password. To prevent this if you think it’s necessary, use the reference action ‘user_profile_update_errors’ to add an error if the userdata contains password data and the user has that capability.

    You also need to block the forgotten password routine from the login screen. Here use the ‘lostpassword_post’ action to die with an error message if the user has that capability. What the user entered as email or username is in $_POST['user_login'].

    That said, are you really sure this is the best approach? Shared passwords are generally a bad idea, and since WP handles password management for you, there is little reason to not let users manage their own individual passwords. What are you hoping to accomplish with this scheme? Someone might be able to suggest an alternative approach without shared passwords.
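The steps in the reply above, assembled into one small plugin file as an added example (not code from the thread or from WordPress itself). The `pwlock_` names, the checkbox field and the messages are assumptions, the capability is stored per user rather than on a role, and admins who can `edit_users` are exempt so they can still set the shared password:

```php
<?php
// Added example. The "pwlock_" prefix and the field name are hypothetical.
const PWLOCK_CAP = 'cannot_change_password';

// True when the account carries the lock and the person acting is not an admin.
function pwlock_applies( $user_id ) {
    $user = get_userdata( $user_id );
    return $user && ! empty( $user->caps[ PWLOCK_CAP ] ) && ! current_user_can( 'edit_users' );
}

// Admin-only checkbox on the "edit another user" screen.
add_action( 'edit_user_profile', function ( $user ) {
    if ( ! current_user_can( 'edit_users' ) ) {
        return;
    }
    printf(
        '<table class="form-table"><tr><th>Password</th><td><label><input type="checkbox" name="pwlock" value="1" %s> Lock password</label></td></tr></table>',
        checked( ! empty( $user->caps[ PWLOCK_CAP ] ), true, false )
    );
} );

// Save the toggle; core has already verified the form nonce at this point.
add_action( 'edit_user_profile_update', function ( $user_id ) {
    if ( ! current_user_can( 'edit_users' ) ) {
        return;
    }
    $user = get_userdata( $user_id );
    if ( empty( $_POST['pwlock'] ) ) {
        $user->remove_cap( PWLOCK_CAP );
    } else {
        $user->add_cap( PWLOCK_CAP );
    }
} );

// Hide the password fields on a locked profile.
add_filter( 'show_password_fields', function ( $show, $profile_user = null ) {
    return ( $profile_user && pwlock_applies( $profile_user->ID ) ) ? false : $show;
}, 10, 2 );

// Reject a hand-crafted POST that still carries a new password.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( $update && ! empty( $user->user_pass ) && pwlock_applies( $user->ID ) ) {
        $errors->add( 'pwlock', 'The password for this account is locked.' );
    }
}, 10, 3 );

// Stop the lost-password routine for locked accounts (username or email input).
add_action( 'lostpassword_post', function () {
    $login = isset( $_POST['user_login'] ) ? trim( wp_unslash( $_POST['user_login'] ) ) : '';
    $user  = get_user_by( 'login', $login ) ?: get_user_by( 'email', $login );
    if ( $user && pwlock_applies( $user->ID ) ) {
        wp_die( 'The password for this account cannot be reset.' );
    }
} );
```

These hooks cover only the profile form and the lost-password form; other ways of updating a user, such as the REST API users endpoint, need their own check.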

    Thread Starter woalmoore

    (@woalmoore)

    Thanks for the info.
    Here’s what I’m working up: I’m setting up a site where students will be able to post their writings via blog posts. When users sign up, I will create two accounts. One is for the student writer (with post and edit capabilities) and one is for them to allow friends and relatives to view the writings. Since some accounts (by parental request) will be limited to only showing the “writer’s” posts to the associated “viewer” (and vice versa), I don’t want to expand the number of accounts and have to 1) keep track of the associations and 2) set up capabilities for multiple accounts if/when account types change.

    As originally stated, I also don’t want “grandma” (or any other friend/relative) changing the password and locking out other people given the info.

    If you can conceive an alternative, I’m certainly attentive.

    Moderator bcworkz

    (@bcworkz)

    How sadly ironic that parents need to limit who can see their little darling’s Internet posts. I totally get it, I just find it sad.

    A couple ideas come to mind. They’re not fully thought out, but might be a starting point.

    One is to consider a multi-site installation. Each student gets their own blog site. Only users registered to that site can see those posts. Anyone besides super-admins has to register to other sites to see other posts, but registrations to each site are moderated.

    A single site variation is possible. An extra registration field is added to associate the registrant with a particular student. All new registrants are assigned a custom role where they can only see that student’s content. Registrants are still moderated.

    Instead of registrant moderation, the friend/relative user accounts are added by the students, who are assigned some custom role that allows adding users but are denied other capabilities usually associated with user management. The added user is emailed their password information as usual; they can change their passwords if they want, like normal.

    I was actually in a similar student situation a while back and chose the same route you did with shared user accounts. It turned out to be a total nightmare and I swore never to do that again. I’d hate to see you go through the same process!

    @woalmoore

    Why not front-end post editing or adding and hide the toolbar? Just have a front-end login for the site.

  • The topic ‘Prohibiting Users from Changing Passwords’ is closed to new replies.