Completely disabling password reset/recovery

I have a WordPress multisite. One of the sites has two users: me and the enduser.
There are multiple password reset attempts for the enduser, not initiated by him.

I block the IP in the firewall of the hosting server, but the attempts keep coming from different IP’s.

Every time this happens the endusers gets en e-mail, and he’s concerned about security.

So, I want to completely disable password recovery. Googling this returns a lot of howto’s, but for some reason, none of them work on my system.

What I tried:

Installing (and activating network-wide) the plugin Disable Password Reset by H3llas. Result: nothing changed. Password reset still works.

Installing Plainview Protect Passwords, blocking password reset for all users. Result: nothing changed. Password reset still works.

Editing functions.php of the child-theme of the site of the end user with below code:

Result: nothing changed. Password reset still works.

Editing functions.php with above code for the child-theme of the main site. Result: nothing changed. Password reset still works.

After each step I cleared the cache of WP Super Cache and my browser.

Any idea why non of these seem to work on my site?