With high-profile companies like Yahoo, Uber, and Equifax being hacked, it has become even more important to maintain a high level of security on all your websites and computer systems. Even if a web property doesn’t touch any sensitive internal system, it should still be protected to prevent hackers from taking advantage of it.
One policy that many large organizations, such as financial institutions, government agencies, and universities, use to maintain a high level of security is requiring all users to change their passwords on a regular basis. Some enforce this by forcing users to change their passwords every 30 to 90 days. The aim is to prevent unauthorized access and to stop hackers from logging in with a stolen password.
If you run a multi-user WordPress site, this post is for you: you should ask users to update their passwords after a specific amount of time. We cover how to set this up in WordPress later in this article.
Another scenario that merits a password change is when you detect suspicious activity on your website. With that covered, let’s see how you can expire passwords and force users to change them in WordPress.
Force Users to Change Passwords in WordPress
Thanks to the huge ecosystem of plugins in the WordPress community, we can solve this problem with a plugin as well. The first thing you need to do is install and activate the Expire Passwords plugin.
Once you have successfully activated the plugin, visit the Users » Expire Passwords page to configure the plugin settings. The first option on the settings page lets you set the number of days after which a user must change their password.
Next, you can select the user roles to which this policy applies. Ideally, you should select all user roles except administrator. However, if you are not the only administrator on your website, then you should check administrators as well. Always remember to click the save changes button to store your settings. After all this is done, when a user signs in after the specified period, they will be redirected to the password reset screen.
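To make the two settings above (maximum age in days, roles covered) concrete, here is an added sketch of how such a policy can be enforced at sign-in with standard WordPress hooks. It is not the Expire Passwords plugin's code: the EXAMPLE_* constants and the meta key are hypothetical, and it refuses the login with a reset link instead of redirecting to the reset screen.

```php
<?php
// Added illustration, not the Expire Passwords plugin's code.
// All EXAMPLE_* names and the meta key are hypothetical.
const EXAMPLE_MAX_AGE_DAYS = 90;
const EXAMPLE_ROLES        = array( 'subscriber', 'contributor', 'author', 'editor' );
const EXAMPLE_META_KEY     = 'example_pw_changed_at';

// Stamp the time whenever a password is set: registration, reset, profile edit.
function example_stamp_password( $user_id ) {
	update_user_meta( $user_id, EXAMPLE_META_KEY, time() );
}
add_action( 'user_register', 'example_stamp_password' );
add_action( 'after_password_reset', function ( $user ) {
	example_stamp_password( $user->ID );
} );
add_action( 'profile_update', function ( $user_id, $old_user_data ) {
	$user = get_userdata( $user_id );
	if ( $user && $user->user_pass !== $old_user_data->user_pass ) {
		example_stamp_password( $user_id );
	}
}, 10, 2 );

// Runs after core's password check (priority 20): refuse the login when the
// account is in a covered role and its password is older than the limit.
add_filter( 'authenticate', function ( $user ) {
	if ( ! $user instanceof WP_User ) {
		return $user; // Login already failed or not yet resolved.
	}
	if ( ! array_intersect( EXAMPLE_ROLES, (array) $user->roles ) ) {
		return $user; // Role is outside the policy.
	}
	$changed = (int) get_user_meta( $user->ID, EXAMPLE_META_KEY, true );
	if ( 0 === $changed ) {
		example_stamp_password( $user->ID ); // No record yet: start the clock.
		return $user;
	}
	if ( time() - $changed > EXAMPLE_MAX_AGE_DAYS * DAY_IN_SECONDS ) {
		return new WP_Error(
			'example_password_expired',
			sprintf(
				'Your password has expired. <a href="%s">Reset it</a> to sign in.',
				esc_url( wp_lostpassword_url() )
			)
		);
	}
	return $user;
}, 30 );
```

Because the check runs only when someone signs in, a session that is already logged in stays valid until its cookie expires or the user logs out.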
That’s it! We have just covered how to force users to change their passwords after a specific period of time. Remember that you can feel free to leave any comments and questions in the comments section below.