diff --git a/src/controllers/index.js b/src/controllers/index.js
index 3e54e6f98d..30fe85ce04 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -40,6 +40,10 @@ Controllers.errors = require('./errors');
 Controllers.composer = require('./composer');
 
 Controllers.reset = function (req, res, next) {
+	if (meta.config['password:disableEdit']) {
+		return helpers.notAllowed(req, res);
+	}
+
 	res.locals.metaTags = {
 		...res.locals.metaTags,
 		name: 'robots',
@@ -120,6 +124,7 @@ Controllers.login = function (req, res, next) {
 	}]);
 	data.error = req.flash('error')[0] || errorText;
 	data.title = '[[pages:login]]';
+	data.allowPasswordReset = !meta.config['password:disableEdit'];
 
 	privileges.global.canGroup('local:login', 'registered-users', function (err, hasLoginPrivilege) {
 		if (err) {
diff --git a/src/socket.io/user.js b/src/socket.io/user.js
index 83274f66df..b3b9ef8492 100644
--- a/src/socket.io/user.js
+++ b/src/socket.io/user.js
@@ -100,6 +100,10 @@ SocketUser.reset.send = function (socket, email, callback) {
 		return callback(new Error('[[error:invalid-data]]'));
 	}
 
+	if (meta.config['password:disableEdit']) {
+		return callback(new Error('[[error:no-privileges]]'));
+	}
+
 	user.reset.send(email, function (err) {
 		events.log({
 			type: 'password-reset',