Password Reset Enforcement

This plugin allows you to force users of your WordPress website to reset their passwords. This is useful if you want to enforce a password retention, or in case of a user data breach.

Password reset can be enforced for all users at once (note: account of the user who initiate the action will always be excluded from the processing), or: for all users in a given role, and/or specific users (chosen by their user login or display name).

This plugin can be enabled on a single site, or WordPress multisite (network) installation – in the latter case, you can only enforce all users at once (filtering per role and per user is not available).

Available options

• Decide whether or not users should receive an email with the password reset link.
• Decide whether or not users should be allowed to initiate the password reset process using their current passwords. If checked (enabled), users will be able to log in (using their current passwords) and will be redirected to the “set new password” form immediately after successful login and logged-out (so that the only action they can take is to set the new password). If unchecked (disabled), users will not be able to log in using their current password – they will be logged out immediately, and redirected to the “reset password” form, where they will have to provide their user name or email, and initiate the “full” password reset process.
• Decide when should the password be reset. Choose “After current session expiry” to force users to reset their passwords after their current session expires. Choose “Immediately” to force logout of chosen users.

This plugin is optimized to work on a sites with large number of users (enterprise-scale).

Other security plugins of ours

Check the Password Policy WordPress plugin to enforce secure password policy for your users and define healthy password retention.