I am sure the answer will be simple enough but I have searched and searched..
I run an e-commerce site using WP. When buyers register they are automatically designated as "SUBSCRIBERS". My profile is listed as ADMINISTRATOR
I noticed today however that in WP-Admin, if you click lost your password, emails from subscribers are accepted also. That means that anyone of my clients can go to Wp-admin, click lost password, and because their e-mails are registered, they receive link to change password.
As you can imagine, this is a problem. How do I restrict password reset link to only my e-mail?