When your website gets hacked, it is recommended that you reset password for all users. This can take a long time if you have a lot of users. In this article, we will show you how to reset passwords for all users in WordPress and automatically notify them about their new passwords via email.
First thing you need to do is install and activate the Emergency Password Reset plugin. Once you have activated the plugin, you can go to Users » Emergency Password Reset and click on the Reset all passwords button. The plugin will automatically reset passwords for all users (including the admin user who initiated the password reset). It will also send an email to all users containing their new password.
If for some reason, the user does not get their password in the email, then they can easily recover it. All they need to do is click on the Lost your password link on the login page. We have a detailed tutorial on how to recover your password in WordPress.
After resetting all passwords, we recommend that you change your WordPress security key also known as SALTs. Learn more about WordPress Security Keys and how to change them. Changing the security key will end all sessions for logged in users, so if a hacked user was logged in, then they will automatically be logged out.
How to Improve WordPress Login Security
There are a lot of things you can do to improve your WordPress login security. First thing would be to force strong passwords. You can also add an extra layer of security by password protecting your WordPress admin (wp-admin) directory. Another common technique used by hackers is to run scripts that use random passwords in an attempt to crack your WordPress password. One possible solution to slow down most (if not all) such attacks is by limiting login attempts. Another thing you can do is add Google Authenticator’s 2-Step verification to your site.
Last but not least, you can start using Sucuri. Here are 5 reasons why we use Sucuri.
We hope that this article helped you learn how to reset passwords for all users in WordPress. Note, this is not the same as expiring user passwords after a certain period of time. For feedback and questions, please leave a comment below.