Currently, all users (including active,incomplete,trash,approval) can click on remind password link in login page, then enter their email and they get an email to change their password. They will receive an email to inform them to login with the new password. Obviously only active users can do that.
Solution: Go to includes/controllers/remind.inc.php
Find:Change to:Code:Only registered members can view the code.Code:Only registered members can view the code.