Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

How to Force Users to Change Passwords in WordPress – Expire Password

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Force Users to Change Passwords in WordPress – Expire Password

Do you want to force users to change passwords in WordPress? If you are worried that your WordPress security may have compromised, then you should reset all passwords immediately. In this article, we will show you how to force users to change passwords in WordPress by expiring their passwords after a given time period.

Force password change for all users in WordPress

When and Why Force WordPress Users to Change Passwords?

Many large organizations such as banks, government agencies, universities, require all users to change their passwords regularly. This prevents unauthorized access and prevents hackers from logging in with a stolen password.

If you run a multi-user WordPress site, then you should ask users to update passwords after a specific amount of time. We will show you how to set this up in WordPress later in this article.

On the other hand, if you recently noticed a suspicious activity on your WordPress site, then you should immediately expire all existing user passwords and ask users to update passwords.

Having said that, let’s see how you can expire passwords and force users to change passwords in WordPress.

Force Users to Change Passwords in WordPress

First thing you need to do is install and activate the Expire Passwords plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Users » Expire Passwords page to configure plugin settings.

Setup a policy to expire passwords

The first option on the settings page allows you to set number of days after which a user must change their password.

Next, you can select user roles on which this policy applies. Ideally, you should select all user roles except administrator. However, if you are not the only administrator on your website, then you should check administrators as well.

Don’t forget to click on the save changes button to store your settings.

Now when a user signs in after the specified period, they will be redirected to password reset screen.

Password reset screen

Quickly Expire All User Passwords in WordPress

The plugin we mentioned above allows you to set a password update policy for your website. However, sometimes due to a hacking attempt you may need to immediately reset all user passwords.

First you will need to install and activate the Emergency Password Reset plugin.

Upon activation, you need to visit Users » Emergency Password Reset page and click on ‘Reset All Passwords’ button.

Reset all passwords in WordPress

That’s all, the plugin will immediately reset passwords for all WordPress users including administrators. It will also send an email to all users with instructions to reset their passwords.

How to Manage WordPress Passwords

Stronger passwords are difficult to remember. We all have so many online accounts that it is impossible to use a unique password for each account and then remember all of them.

However, this excuse is not valid anymore since there are already apps and tools to manage all your passwords. Take a look at our guide on the best way to manage passwords for WordPress beginners.

Troubleshooting Tips

In case you are not receiving email notifications then please take a look at our guide on how to fix WordPress not sending email issue.

If you somehow can’t get inside WordPress admin area, then take a look at our guide on what to do when you are locked out of the WordPress admin area.

That’s all, we hope this article helped you learn how to force users to change passwords in WordPress. You may also want to see our ultimate WordPress security guide to help improve your website security.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.a

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »


  1. Millie Aveyard says:

    Very difficult for older people like me, to remember all the different passwords in their lives! Everything these days seem to have passwords of one form or another!

    Even if you write the passwords down in your little book, at the time you need the new password, you have left the little book in the car, and the roundabout starts once more!

    I can’t be the only one to have to stop and think about all the different passwords that I use each day!

    • WPBeginner Support says:

      Please see our guide on how to manage passwords for WordPress beginners. We use LastPass to store and manage all our passwords. It is a browser extension that sits in your web browser. It can save and automatically fill in your passwords for you. It can also generate strong passwords for you when you are creating a new account.

  2. Remi says:

    Very nice idea! It’s a great to give more security to the administration!

  3. Daniel says:

    Good post – I have now configured the plugin on my blog site. I would strongly recommend also the following:

    1) You remove the admin user altogether – here you create another user who has the admin role, login as them the delete the existing admin user; ensuring you click on the option to transfer admin’s previous posts to you
    2) The ‘admin’ ( role user) password is complex – use or similar
    3) finally, you must must,mus,t install the “Limit Login attempts” plugin … This is a work of genius and is regularly blocking the 10 or so attempts per day to login into my blog. Set long lockout times and get the plugin to email you (new admin user ) after 2 lockouts

  4. Navneet says:

    This is a very good post ……

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.