Password Reset Enforcement

Enhance your WordPress website’s security by forcing users to reset their passwords.

Password Reset Enforcement is a simple yet powerful security plugin that allows site administrators to require users to update their passwords—ideal after a potential data breach, routine security checks, or during onboarding/offboarding processes.

Features

• Force password reset for all users, specific user roles, or individual users.
• Optional email notification to users with a direct reset link.
• Flexible login behavior:
  • Allow login before resetting: users log in with the old password, are immediately prompted to set a new one.
  • Block login until reset: users must reset their password before accessing the dashboard.
• Choose reset timing:
  • Immediately: forces logout and password reset on next login.
  • After session expiry: users are asked to reset after their current session ends.
• Multisite compatible (network-wide reset only).
• Optimized for performance on large-scale and enterprise WordPress installations.

Use Cases

• Responding to a security breach or suspected compromise.
• Enforcing routine password changes in corporate environments.
• Applying onboarding/offboarding security policies for teams or membership sites.

Compatibility

• Works on both single-site and multisite (network) WordPress setups.
• Supports PHP 7.4+ and WordPress 6.6 through 6.8.
• Compatible with modern WordPress admin experience.

Related Plugins

Looking for advanced password rules? Review Password Policy & Complexity Requirements plugin to enforce strong passwords, expiration cycles, and custom password policies.