Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

How to Force Users to Change Passwords in WordPress – Expire Password

Last updated on by
Follow WPBeginner on YouTube
How to Force Users to Change Passwords in WordPress – Expire Password

Everytime we have worked with a larger corporation, government contract, or even with an education institution, we have found ourselves having to change our passwords every so many days. Some are every 30 days, others are every 60 days, etc. The server admins like to force users to change passwords to enhance security. One of our users recently asked us if there was a way to force users to change passwords in WordPress? Doing a google search, we didn’t find anything. However, when searched for password expiration in WordPress, we found a few solutions. In this article, we will show you how to force users to change passwords in WordPress by expiring their password.

First thing you need to do is install and activate the plugin WordPress Password Expiry. Upon activation, you will see an ew admin menu created called Password Expiry. This area allows you to set password expiry period. It allows you set a custom error message such as “Your password has expired”. Lastly, it allows you to expire passwords for a specific group of users, or all users.

Password Expiry Screenshot

Once the password expire, the user would be required to click on the Reset link on the login page.

For those who don’t like having a user-interface for something like this, then there is another plugin called Expire User Passwords. It was coded by the team at a very popular Telegraph Magazine in UK. There is no options panel in the backend. You activate the plugin, and it forces ALL users to change their passwords every 30 days.

If you want to change the password expiration limit, then you would have to edit your wp-config.php file and add a define called ‘TMG_AEP_EXPIRY’. Set the value in the number of seconds for however many days you want.

Hopefully this article has helped you figure out how to force users to change passwords in WordPress by expiring their passwords.


Editorial Staff at WPBeginner is a team of WordPress lovers led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »
  • Ryan Hermann

    Good post.

    I will be looking into using the WordPress Password Expiry Plugin.

  • Remi

    Very nice idea! It’s a great to give more security to the administration!

  • Daniel

    Good post – I have now configured the plugin on my blog site. I would strongly recommend also the following:

    1) You remove the admin user altogether – here you create another user who has the admin role, login as them the delete the existing admin user; ensuring you click on the option to transfer admin’s previous posts to you
    2) The ‘admin’ ( role user) password is complex – use oninepasswordgenerator.com or similar
    3) finally, you must must,mus,t install the “Limit Login attempts” plugin … This is a work of genius and is regularly blocking the 10 or so attempts per day to login into my blog. Set long lockout times and get the plugin to email you (new admin user ) after 2 lockouts

  • Navneet

    This is a very good post ……