WP Password Policy

WP Password Policy is the ultimate solution for WordPress administrators who want to ensure users always use strong, secure passwords. Protect your site from brute-force attacks, compromised credentials, and weak password practices by setting robust, customizable password policies. Key benefits:

• Reduce risk of unauthorized access.
• Promote strong password hygiene.
• Comply with security best practices for WordPress, eCommerce, and multisite networks.
• Simple setup, flexible controls, and seamless integration.

Features at a glance:

• Enforce minimum password length and complexity.
• Set password expiration/maximum password age.
• Prevent use of common, weak passwords (PRO).
• Support for multisite networks.
• Support for WooCommerce (PRO).
• Define policies by user roles or individual users (PRO).
• Prevent password reuse (PRO).
• Translation-ready and easy to use.

Discover more at wppasswordpolicy.com. Why strong password policies matter Weak passwords are one of the most common causes of WordPress site hacks. By enforcing strong password rules, you reduce the chances of data breaches, unauthorized access, and compliance issues. Whether you run a single blog, manage client sites, or operate a WooCommerce store, this plugin helps you protect your users and business.

3.2.2 (2025-07-24)

• Dependencies updated
• Code improvements

3.2.1 (2025-07-04)

• Plugin's readme.txt file updated

3.2.0 (2025-07-01)

• Network activation process improved
• Password expiry check on user interaction improved
• Automated, conditional logout after plugin settings changes are saved implemented for current user affected by the new policy
• Plugin container loader optimized to avoid duplicated instantiations
• Plugin name updated to avoid confusion, now matching the project's name
• Dependencies updated
• Code improvements

3.1.1 (2025-04-25)

• Issue with nonce in the password reset form on password expiry fixed
• Settings screen style improvements
• Dependencies updated
• Code improvements

3.1.0 (2025-04-04)

• Compatibility with WordPress 6.8 confirmed
• Issue of requesting the translated string too early fixed
• Ability to configure maximum password length introduced; allows to prevent denial-of-service attacks caused by hashing too long passwords
• Dependencies updated
• Code improvements

3.0.0 (2025-02-21)

• The scenario where a user's password does not comply with the policy for reasons other than the minimum age, and the password age is unknown because the user has not changed the password since this plugin has been enabled, is now handled correctly
• Integration with new account registration form improved
• Password hint generation logic improved
• Dependencies updated
• Code improvements

2.7.1 (2024-11-25)

• Plugin now checks whether the PRO version is activated; in case if it is, it stops loading itself
• Uninstall file removed as it was out of date and could conflict with the PRO version of the plugin

2.7.0 (2024-11-08)

• Custom capabilities for managing the plugin settings implemented
• Compatibility with WordPress 6.7 confirmed
• Dependencies updated
• Code improvements

2.6.1 (2024-10-25)

• JS dependency map and tree-shaking optimized
• PHP 7.4 compatibility fixes implemented

2.6.0 (2024-10-17)

• Fix blog switching bug in WordPress Multisite (Network) installations
• Add caching to user roles getter function, along with proper cache invalidation, to improve the plugin's performance
• Language mapping file added for easier generation of JSON translation files
• Dependencies updated
• Code improvements (For older records, see the changelog.txt file).