WordPress sends an email to the admin’s email when a user resets their password.
To get a notification when a user changes their password you could hook into the profile_update action which is fired when a user’s profile is updated.
When the action is fired WordPress has already validated and updated the user’s details we only need to check if the user submitted a password with the request, if it was submitted then the user’s password has changed.
function my_profile_update( $user_id ) {
if ( ! isset( $_POST['pass1'] ) || '' == $_POST['pass1'] ) {
return;
}
// password changed...
}
add_action( 'profile_update', 'my_profile_update' );