How to Force Users to Change Passwords in WordPress – Expire Password

Everytime we have worked with a larger corporation, government contract, or even with an education institution, we have found ourselves having to change our passwords every so many days. Some are every 30 days, others are every 60 days, etc. The server admins like to force users to change passwords to enhance security. One of our users recently asked us if there was a way to force users to change passwords in WordPress? Doing a google search, we didn’t find anything. However, when searched for password expiration in WordPress, we found a few solutions. In this article, we will show you how to force users to change passwords in WordPress by expiring their password.

First thing you need to do is install and activate the plugin WordPress Password Expiry. Upon activation, you will see an ew admin menu created called Password Expiry. This area allows you to set password expiry period. It allows you set a custom error message such as “Your password has expired”. Lastly, it allows you to expire passwords for a specific group of users, or all users.

Once the password expire, the user would be required to click on the Reset link on the login page.

For those who don’t like having a user-interface for something like this, then there is another plugin called Expire User Passwords. It was coded by the team at a very popular Telegraph Magazine in UK. There is no options panel in the backend. You activate the plugin, and it forces ALL users to change their passwords every 30 days.

If you want to change the password expiration limit, then you would have to edit your wp-config.php file and add a define called ‘TMG_AEP_EXPIRY’. Set the value in the number of seconds for however many days you want.

Hopefully this article has helped you figure out how to force users to change passwords in WordPress by expiring their passwords.