How to Force Users to Change Passwords in WordPress – Expire Password
Do you want to force users to change passwords in WordPress? If you are worried that your WordPress security may have compromised, then you should reset all passwords immediately. In this article, we will show you how to force users to change passwords in WordPress by expiring their passwords after a given time period.
When and Why Force WordPress Users to Change Passwords?
Many large organizations such as banks, government agencies, universities, require all users to change their passwords regularly. This prevents unauthorized access and prevents hackers from logging in with a stolen password.
If you run a multi-user WordPress site, then you should ask users to update passwords after a specific amount of time. We will show you how to set this up in WordPress later in this article.
On the other hand, if you recently noticed a suspicious activity on your WordPress site, then you should immediately expire all existing user passwords and ask users to update passwords.
Having said that, let’s see how you can expire passwords and force users to change passwords in WordPress.
Force Users to Change Passwords in WordPress
First thing you need to do is install and activate the Expire Passwords plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, you need to visit Users » Expire Passwords page to configure plugin settings.
The first option on the settings page allows you to set number of days after which a user must change their password.
Next, you can select user roles on which this policy applies. Ideally, you should select all user roles except administrator. However, if you are not the only administrator on your website, then you should check administrators as well.
Don’t forget to click on the save changes button to store your settings.
Now when a user signs in after the specified period, they will be redirected to password reset screen.
Quickly Expire All User Passwords in WordPress
The plugin we mentioned above allows you to set a password update policy for your website. However, sometimes due to a hacking attempt you may need to immediately reset all user passwords.
First you will need to install and activate the Emergency Password Reset plugin.
Upon activation, you need to visit Users » Emergency Password Reset page and click on ‘Reset All Passwords’ button.
That’s all, the plugin will immediately reset passwords for all WordPress users including administrators. It will also send an email to all users with instructions to reset their passwords.
How to Manage WordPress Passwords
Stronger passwords are difficult to remember. We all have so many online accounts that it is impossible to use a unique password for each account and then remember all of them.
However, this excuse is not valid anymore since there are already apps and tools to manage all your passwords. Take a look at our guide on the best way to manage passwords for WordPress beginners.
In case you are not receiving email notifications then please take a look at our guide on how to fix WordPress not sending email issue.
If you somehow can’t get inside WordPress admin area, then take a look at our guide on what to do when you are locked out of the WordPress admin area.
That’s all, we hope this article helped you learn how to force users to change passwords in WordPress. You may also want to see our ultimate WordPress security guide to help improve your website security.