Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

How to Force Users to Change Passwords in WordPress – Expire Password

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Force Users to Change Passwords in WordPress – Expire Password

Most government, large corporations, and even educational institutions want their users to change passwords after a certain time period. This provides an additional security layer to protect their network and servers. They also want users on their WordPress sites to change passwords after every few months. In this article, we will show you how to force users to change passwords in WordPress by expiring their passwords after a given time period.

Force password change for all users in WordPress

First thing you need to do is install and activate the WP Password Policy Manager plugin. Upon activation, you need to visit Settings » Password Policies page to configure the plugin settings.

WordPress Password Policy Manager settings page

The first option on the settings page allows you to set number of days after which a user must change their password. After that there are options which allow you to enforce strong passwords.

You can set the minimum characters required in a password. You can also force users to use numbers and special characters in their passwords.

You can set the plugin to remember previous user passwords. This is useful incase a user forgets that they have changed their password. The plugin can then show them a notice that they are entering an older password which is no longer valid.

Lastly, ‘Reset All User’s Passwords’ button allows you to quickly reset passwords. This will immediately expire all user passwords in WordPress.

Don’t forget to click on the save changes button to store your settings.

How to Manage WordPress Passwords

Stronger passwords are difficult to remember. We all have so many online accounts that it is impossible to use a unique password for each account and then remember all of them.

However, this excuse is not valid anymore since there are already apps and tools to manage all your passwords. Take a look at our guide on the best way to manage passwords for WordPress beginners.

Troubleshooting Tips

In case you are not receiving email notifications then please take a look at our guide on how to fix WordPress not sending email issue.

Even though the plugin allows you to exempt any user from password policy. However, if you forgot to add your username or user role in the settings, then the plugin will force you to change password as well.

If you somehow can’t get inside WordPress admin area, then take a look at our guide on what to do when you are locked out of the WordPress admin area.

That’s all, we hope this article helped you learn how to force users to change passwords in WordPress. You may also want to see our list of 13 vital tips and hacks to protect WordPress admin area.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.a

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »


  1. Millie Aveyard says:

    Very difficult for older people like me, to remember all the different passwords in their lives! Everything these days seem to have passwords of one form or another!

    Even if you write the passwords down in your little book, at the time you need the new password, you have left the little book in the car, and the roundabout starts once more!

    I can’t be the only one to have to stop and think about all the different passwords that I use each day!

    • WPBeginner Support says:

      Please see our guide on how to manage passwords for WordPress beginners. We use LastPass to store and manage all our passwords. It is a browser extension that sits in your web browser. It can save and automatically fill in your passwords for you. It can also generate strong passwords for you when you are creating a new account.

  2. Remi says:

    Very nice idea! It’s a great to give more security to the administration!

  3. Daniel says:

    Good post – I have now configured the plugin on my blog site. I would strongly recommend also the following:

    1) You remove the admin user altogether – here you create another user who has the admin role, login as them the delete the existing admin user; ensuring you click on the option to transfer admin’s previous posts to you
    2) The ‘admin’ ( role user) password is complex – use or similar
    3) finally, you must must,mus,t install the “Limit Login attempts” plugin … This is a work of genius and is regularly blocking the 10 or so attempts per day to login into my blog. Set long lockout times and get the plugin to email you (new admin user ) after 2 lockouts

  4. Navneet says:

    This is a very good post ……

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.