Password Policy & Complexity Requirements – WordPress plugin PRO

Version: 2.1.2

Last updated: May 24, 2024

Secure access to your WordPress website by defining a password policy for your users. Say “no” to weak passwords!

PRO version starts at $39/year
Free version available on wordpress.org


Require your users to use stronger passwords

Reduce the risk of your website being hacked

Enforce healthy password retention

What is this plugin for?

WordPress does not force users to define strong passwords. They can use whatever they want, even passwords that are easy to guess by bad actors – like “password”, “admin”, “123456”, etc. According to various reports, using weak passwords is a common practice and one of the biggest security threats in the world.

That can become a critical security vulnerability if weak passwords are used by users with a high level of permissions (like “administrator”), who have access to other users’ accounts, site settings, plugin management screens, etc.

This plugin allows site administrators to define password policies for site users and, therefore, require them to use passwords compliant with the defined policy. Each password policy can be applied to all users at once, specific users only, or users by role.

That will allow you to prevent your users from using weak passwords. With this plugin, you can define the password complexity rules, expiration rules, etc. See the list of all functionalities below.

Plugin features

Password rules can be turned on and off and customized on the plugin settings page.

Enforce the minimum password length

Prevent your users from using short passwords, which are easier to guess and compromise.

Enforce the maximum password age

Require users to change their passwords after a defined period (e.g., one month).

Enforce the password complexity

Ensure that the user password contains uppercase and lowercase letters, digits, special characters, unique (non-repeated) characters, and no more than a few consecutive symbols from the user’s name.

Prevent password reuse PRO

If you enable password storage, this feature can prevent users from reusing their previous passwords. They must then create an entirely new password rather than using their “favorite” one.

Turn the policies on and off as needed PRO

Each password policy can be turned on and off, depending on your current needs. You can create as many password policies as you want.

Apply to all users at once

If you want to use the same password policy for all users, you can apply it to all your website users with a single toggle.

Apply to specific users only PRO

You can apply the password policy to specific users only. You might want to maintain a dedicated password policy for vendors, freelancers, or users with higher permissions… it’s all up to you!

Apply to users by role PRO

Password policy can be applied to all users with a given role – for example, administrators or editors. This will allow you to define a stronger policy for users with higher permissions.

Multisite support

This plugin can work on a single WordPress website and on a WordPress network (aka multisite).

Translation-ready

Easily translate all the plugin contents into your language using any tool.

How does this plugin work?

#1. What happens when a user’s password is not compliant with the matching password policy?

There are two situations when this plugin checks if the user’s password complies with the matching password policy.

First case: the user is logging in. After a successful login, the user’s password is checked for compliance with the password policy. If the password is compliant, the user will not be interrupted; otherwise, they will be requested to reset their password and logged out of WordPress.

The user will then have to set a new password compliant with the password policy to log in and continue using their WordPress account.

Second case: the user is resetting their password using the “forgot password” form or in their user profile. In this case, a new password must comply with the matching password policy, and this plugin will not allow users to use non-compliant passwords.
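As an added illustration (not the plugin's own code), the complexity rules listed under "Plugin features" can be expressed as a single check that is run on the new password in both cases above. The function name, policy keys and thresholds are assumptions made for this example.

```php
<?php
// Added illustration, not the plugin's code. Policy keys and thresholds are
// assumptions made for this example. Requires the mbstring extension.

/** Return the names of violated rules; an empty array means compliant. */
function check_password_policy(string $password, string $username, array $policy): array
{
    $violations = [];
    // Split into Unicode code points; invalid UTF-8 yields an empty list.
    $chars = preg_split('//u', $password, -1, PREG_SPLIT_NO_EMPTY) ?: [];

    if (count($chars) < $policy['min_length']) {
        $violations[] = 'min_length';
    }
    // One pattern per required character class (Unicode-aware).
    $classes = [
        'uppercase' => '/\p{Lu}/u',
        'lowercase' => '/\p{Ll}/u',
        'digit'     => '/\p{Nd}/u',
        'special'   => '/[^\p{L}\p{N}\s]/u',
    ];
    foreach ($classes as $rule => $pattern) {
        if (!preg_match($pattern, $password)) {
            $violations[] = $rule;
        }
    }
    // Unique (non-repeated) characters: count distinct code points.
    if (count(array_unique($chars)) < $policy['min_unique_chars']) {
        $violations[] = 'unique_chars';
    }
    // Username rule: reject any run longer than max_username_run consecutive
    // characters of the user name, compared case-insensitively.
    $run  = $policy['max_username_run'] + 1;
    $pw   = mb_strtolower($password, 'UTF-8');
    $name = mb_strtolower($username, 'UTF-8');
    for ($i = 0; $i + $run <= mb_strlen($name, 'UTF-8'); $i++) {
        if (mb_strpos($pw, mb_substr($name, $i, $run, 'UTF-8'), 0, 'UTF-8') !== false) {
            $violations[] = 'username_fragment';
            break;
        }
    }
    return $violations;
}

// Constructed sample data: one policy, one user name, three candidate passwords.
$policy = ['min_length' => 12, 'min_unique_chars' => 6, 'max_username_run' => 3];
foreach (['password', 'Jsmith!2024xx', 'c0rrect-Horse-Battery'] as $candidate) {
    $v = check_password_policy($candidate, 'jsmith', $policy);
    printf("%-24s %s\n", $candidate, $v ? 'rejected: ' . implode(', ', $v) : 'compliant');
}
```

A check like this needs the plaintext password, which WordPress has only at login and when a password is being set, which matches the two cases described above. WordPress core exposes the `validate_password_reset` and `user_profile_update_errors` hooks for the second case; the page does not say which hooks the plugin uses.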

#2. How is the password policy defined?

Password policies can be defined on the plugin settings page. You can define as many – or as few – policies as you need.

When creating a new policy, its settings are auto-populated with suggested rules and values, which you can freely adjust and customize.

Choose your plan

All PRO plans include access to new features and updates, as well as support for one year. We provide a 30-day money-back guarantee.

Free version

Create unlimited password policies
Apply policy to all users
Apply policy to specific users only
Apply policy to users by role
Prevent password reuse
Enforce the minimum password length, maximum password age, and password complexity
PRO updates and access to our premium support
Use on unlimited websites

Download for free
from WordPress.org

PRO version, 1 website

Create unlimited password policies
Apply policy to all users
Apply policy to specific users only
Apply policy to users by role
Prevent password reuse
Enforce the minimum password length, maximum password age, and password complexity
PRO updates and access to our premium support
Use on 1 website

$39

/ year (ex. VAT)

PRO version, unlimited websites

Create unlimited password policies
Apply policy to all users
Apply policy to specific users only
Apply policy to users by role
Prevent password reuse
Enforce the minimum password length, maximum password age, and password complexity
PRO updates and access to our premium support
Use on unlimited websites

$139

/ year (ex. VAT)

FAQ

Will this plugin work on my WordPress website?

This plugin is not dependent on any third-party library, plugin, or theme. It will work with any WordPress website unless the site uses a solution that changes the login behavior (like single sign-on, social login, no-password login, etc.).

Does it work in my language?

This plugin is translation-ready, so you can use any of your plugins or tools to translate all of the plugin content into your language. By default, everything is written in English.

What are the technical requirements for running this plugin?

This plugin requires WordPress 6.5 or greater and PHP 8.0 or greater. This plugin requires no additional libraries to work, and there are no specific hosting requirements.

This plugin was tested up to WordPress 6.5 and PHP 8.3.

What is the refund policy?

We offer a no-risk 30-day money-back guarantee. If you are unsatisfied with this plugin for whatever reason (no questions asked), you are entitled to a full refund up to 30 days from your original purchase.

Is this plugin actively maintained?

Yes, this plugin is actively maintained and regularly tested against the newest WordPress core and PHP versions. See the changelog for more details.

What happens if I don’t renew the license?

You can keep using the plugin, but you won’t receive any updates, new features, or support.

The license will automatically renew next year unless you cancel it in the Customer Portal.

Do you have more questions?
Feel free to reach out to us: [email protected]

About Teydea Studio

This plugin is created and maintained by a web engineering studio founded by Bartosz Gadomski – a professional WordPress engineer with over 15 years of experience in a wide range of projects.