Most government, large corporations, and even educational institutions want their users to change passwords after a certain time period. This provides an additional security layer to protect their network and servers. They also want users on their WordPress sites to change passwords after every few months. In this article, we will show you how to force users to change passwords in WordPress by expiring their passwords after a given time period.
First thing you need to do is install and activate the WP Password Policy Manager plugin. Upon activation, you need to visit Settings » Password Policies page to configure the plugin settings.
The first option on the settings page allows you to set number of days after which a user must change their password. After that there are options which allow you to enforce strong passwords.
You can set the minimum characters required in a password. You can also force users to use numbers and special characters in their passwords.
You can set the plugin to remember previous user passwords. This is useful incase a user forgets that they have changed their password. The plugin can then show them a notice that they are entering an older password which is no longer valid.
Lastly, ‘Reset All User’s Passwords’ button allows you to quickly reset passwords. This will immediately expire all user passwords in WordPress.
Don’t forget to click on the save changes button to store your settings.
How to Manage WordPress Passwords
Stronger passwords are difficult to remember. We all have so many online accounts that it is impossible to use a unique password for each account and then remember all of them.
However, this excuse is not valid anymore since there are already apps and tools to manage all your passwords. Take a look at our guide on the best way to manage passwords for WordPress beginners.
In case you are not receiving email notifications then please take a look at our guide on how to fix WordPress not sending email issue.
Even though the plugin allows you to exempt any user from password policy. However, if you forgot to add your username or user role in the settings, then the plugin will force you to change password as well.
That’s all, we hope this article helped you learn how to force users to change passwords in WordPress. You may also want to see our list of 13 vital tips and hacks to protect WordPress admin area.