diff --git a/core/modules/user/src/Form/UserPasswordForm.php b/core/modules/user/src/Form/UserPasswordForm.php
index 4d5a012..3308238 100644
--- a/core/modules/user/src/Form/UserPasswordForm.php
+++ b/core/modules/user/src/Form/UserPasswordForm.php
@@ -111,14 +111,20 @@ public function buildForm(array $form, FormStateInterface $form_state) {
   public function validateForm(array &$form, FormStateInterface $form_state) {
     $name = trim($form_state->getValue('name'));
     // Try to load by email.
-    $users = $this->userStorage->loadByProperties(array('mail' => $name, 'status' => '1'));
+    $users = $this->userStorage->loadByProperties(array('mail' => $name));
     if (empty($users)) {
       // No success, try to load by name.
-      $users = $this->userStorage->loadByProperties(array('name' => $name, 'status' => '1'));
+      $users = $this->userStorage->loadByProperties(array('name' => $name));
     }
     $account = reset($users);
     if ($account && $account->id()) {
-      $form_state->setValueForElement(array('#parents' => array('account')), $account);
+      // Blocked accounts cannot request a new password.
+      if ($account->isBlocked()) {
+        $form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', array('%name' => $name)));
+      }
+      else {
+        $form_state->setValueForElement(array('#parents' => array('account')), $account);
+      }
     }
     else {
       $form_state->setErrorByName('name', $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $name)));
diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php
index b0f91be..a54b3dc 100644
--- a/core/modules/user/src/Tests/UserPasswordResetTest.php
+++ b/core/modules/user/src/Tests/UserPasswordResetTest.php
@@ -125,6 +125,15 @@ function testUserPasswordReset() {
     $blocked_account->save();
     $this->drupalGet("user/reset/" . $blocked_account->id() . "/$timestamp/" . user_pass_rehash($blocked_account->getPassword(), $timestamp, $blocked_account->getLastLoginTime()));
     $this->assertResponse(403);
+
+    // Verify a blocked user can not request a new password.
+    $this->drupalGet('user/password');
+    // Count email messages before to compare with after.
+    $before = count($this->drupalGetMails(array('id' => 'user_password_reset')));
+    $edit = array('name' => $blocked_account->getUsername());
+    $this->drupalPostForm(NULL, $edit, t('Email new password'));
+    $this->assertRaw(t('%name is blocked or has not been activated yet.', array('%name' => $blocked_account->getUsername())), 'Notified user blocked accounts can not request a new password');
+    $this->assertTrue(count($this->drupalGetMails(array('id' => 'user_password_reset'))) === $before, 'No email was sent when requesting password reset for a blocked account');
   }
 
   /**