Description

Enhance your WordPress website’s security by forcing users to reset their passwords.

Password Reset Enforcement is a simple yet powerful security plugin that allows site administrators to require users to update their passwords—ideal after a potential data breach, routine security checks, or during onboarding/offboarding processes.

Features

Force password reset for all users, specific user roles, or individual users.
Optional email notification to users with a direct reset link.
Flexible login behavior:
- Allow login before resetting: users log in with the old password, are immediately prompted to set a new one.
- Block login until reset: users must reset their password before accessing the dashboard.
Choose reset timing:
- Immediately: forces logout and password reset on next login.
- After session expiry: users are asked to reset after their current session ends.
Multisite compatible (network-wide reset only).
Optimized for performance on large-scale and enterprise WordPress installations.

Use Cases

Responding to a security breach or suspected compromise.
Enforcing routine password changes in corporate environments.
Applying onboarding/offboarding security policies for teams or membership sites.

Compatibility

Works on both single-site and multisite (network) WordPress setups.
Supports PHP 7.4+ and WordPress 6.6 through 6.8.
Compatible with modern WordPress admin experience.

Related Plugins

Looking for advanced password rules? Review Password Policy & Complexity Requirements plugin to enforce strong passwords, expiration cycles, and custom password policies.

Screenshots

Force password reset for all users.
Target users by role, username, or display name.

Installation

Upload the plugin to the /wp-content/plugins/ directory or install via the WordPress admin panel.
Activate the plugin.
Go to Settings Password Reset Enforcement to initiate resets.

FAQ

Will this log users out immediately?: Only if you choose the “Immediately” option. Otherwise, users will be asked to reset after their current session expires.
Is it compatible with other login plugins or 2FA solutions?: Yes, Password Reset Enforcement is designed for compatibility and works well alongside popular authentication and security plugins.
Can I use this on a WooCommerce site?: Absolutely. Works seamlessly with WooCommerce and other membership or eCommerce platforms.

Reviews

Miikka 22. okt 2024 1 reply

Would like that the user list auto-completes or searches the users. Pressing enter on the settings page turned to page gray without any indication what may have happened. Allow a save button to save settings before executing action.

Read all 1 review

Contributors & Developers

“Password Reset Enforcement” is open source software. The following people have contributed to this plugin.

“Password Reset Enforcement” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Password Reset Enforcement” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.10.2 (2025-05-08)

Plugin links and references to TeydeaStudio updated
Dependencies updated

1.10.1 (2025-04-04)

Compatibility with WordPress 6.8 confirmed
Issue of requesting the translated string too early fixed
Dependencies updated
Code improvements

1.10.0 (2025-02-21)

Dependencies updated
Code improvements

1.9.0 (2024-12-13)

Dependencies updated
Code improvements

1.8.0 (2024-11-08)

Custom capabilities for managing the plugin settings implemented
Compatibility with WordPress 6.7 confirmed
Dependencies updated
Code improvements

1.7.2 (2024-10-25)

JS dependency map and tree-shaking optimized

1.7.1 (2024-10-23)

Add missing Cache utility class

1.7.0 (2024-10-17)

Language mapping file added for easier generation of JSON translation files
Language files updated for Polish translation
Add caching to user roles getter function, along with proper cache invalidation, to improve the plugin’s performance
Dependencies updated
Code improvements

1.6.0 (2024-08-30)

Required WordPress core version bumped to 6.6 to use the new React JSX runtime package
Compatibility with older version of PHP (7.4) implemented
Plugin container implementation improved
Plugin settings page implementation improved
Dependencies updated
Code improvements

1.5.0 (2024-07-11)

Settings page redesigned
Dependencies updated
Code improvements

(For older records, see the changelog.txt file).