Àpèjúwe
WP Password Policy lets you define and enforce password policies for all users on your WordPress site.
Set rules for password length, complexity (uppercase, lowercase, digits, special characters), restricted characters, password expiration, and more. The plugin validates passwords on login, registration, password changes, and during active sessions Ìtumọ̀ Yorùbá: — automatically redirecting users to reset non-compliant passwords.
Key benefits:
- Enforce password length and complexity rules from a single settings page.
- Set password expiration to ensure users update their passwords regularly.
- Require users to confirm their current password before making changes.
- Compatible with WordPress multisite networks.
Whether you manage a personal blog, a membership site, or a multisite network, WP Password Policy helps you maintain consistent password standards across all user accounts.
Learn more at wppasswordpolicy.com.
Why password policies matter
Weak passwords remain one of the most common entry points for unauthorized access to WordPress sites. Enforcing password rules helps reduce this risk and supports compliance with security best practices.
Features
Free Features
- Minimum password length Ìtumọ̀ Yorùbá: — Set and enforce the minimum number of characters for user passwords.
- Maximum password length Ìtumọ̀ Yorùbá: — Limit password length to prevent denial-of-service attacks caused by hashing very long passwords.
- Password complexity rules Ìtumọ̀ Yorùbá: — Require a mix of uppercase letters, lowercase letters, digits, special characters, and a minimum number of unique characters.
- Consecutive username symbols Ìtumọ̀ Yorùbá: — Restrict how many consecutive characters from the username can appear in the password.
- Restricted characters Ìtumọ̀ Yorùbá: — Block specific characters from being used in passwords.
- Maximum password age Ìtumọ̀ Yorùbá: — Force users to update their passwords periodically (e.g., every 30 days).
- Minimum password age Ìtumọ̀ Yorùbá: — Prevent users from changing their password too frequently, discouraging rapid cycling back to an old password.
- Require current password Ìtumọ̀ Yorùbá: — Add a “Current Password” field to the user profile screen and validate it before allowing password changes.
- Custom password hints Ìtumọ̀ Yorùbá: — Replace the default WordPress password hint with a policy-specific hint based on active rules.
- Site Health integration Ìtumọ̀ Yorùbá: — A Site Health test reports whether your plugin settings are properly configured.
- Multisite/network support Ìtumọ̀ Yorùbá: — Works with both standard and multisite WordPress installations.
- AI integration Ìtumọ̀ Yorùbá: — On WordPress 6.9+ with the MCP Adapter plugin, list, configure, and delete password policies through natural language commands from any connected AI provider.
- Translation-ready Ìtumọ̀ Yorùbá: — Localize the plugin into any language.
PRO Features
- Prevent password reuse Ìtumọ̀ Yorùbá: — Block users from reusing their previous passwords, encouraging new, unique passwords every time.
- Custom password policies per role or user Ìtumọ̀ Yorùbá: — Assign different password rules for administrators, editors, WooCommerce customers, or specific users.
- Block common, weak passwords Ìtumọ̀ Yorùbá: — Over 100,000 common passwords are blocked, preventing users from choosing easy-to-guess passwords.
- Integrations:
- WooCommerce integration Ìtumọ̀ Yorùbá: — Enforce password policies on WooCommerce login, registration, checkout account creation (including Store API), account details, password change, and password reset forms. Replaces WooCommerceÌtumọ̀ Yorùbá: ’s built-in password strength meter with your policy rules.
- Ultimate Member integration Ìtumọ̀ Yorùbá: — Enforce password policies within Ultimate Member registration, login, password reset, and password change forms. Disables Ultimate MemberÌtumọ̀ Yorùbá: ’s built-in password strength option to avoid conflicts.
- Tutor LMS integration Ìtumọ̀ Yorùbá: — Enforce password policies on Tutor LMS student and instructor registration, login, password change, and password reset forms.
- LifterLMS integration Ìtumọ̀ Yorùbá: — Enforce password policies on LifterLMS registration (including checkout), account password change, and password reset forms. Replaces LifterLMSÌtumọ̀ Yorùbá: ’s built-in password strength meter with your policy rules.
- LearnPress integration Ìtumọ̀ Yorùbá: — Enforce password policies on LearnPress registration, login, and password change forms.
- Priority support and updates Ìtumọ̀ Yorùbá: — Get premium email support and updates.
Learn more about the PRO version at wppasswordpolicy.com/pricing.
Video Tutorial
See the plugin in action:
Related Plugins
Looking for a way to force users to reset their passwords immediately? Check our Password Reset Enforcement plugin Ìtumọ̀ Yorùbá: — it lets you require password resets site-wide, by role, or for individual users, with WP-CLI support for automation.
Àwọn àwòrán ìbòjú
Password policy configuration overview. 
Customizable password policy rules. 
Password policy rules can be adjusted as needed. 
Enforcement on user password forms.
Ìgbéwọlẹ̀
- Upload the
password-requirementsdirectory to/wp-content/plugins/, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the “Plugins” menu in WordPress.
- Go to “Settings” > “WP Password Policy” to configure your password policy.
- Enable the rules you need, adjust their settings, and save. Your password policy is now active.
FAQ
-
How do I access the settings?
-
After activation, go to “Settings” > “WP Password Policy” in the WordPress admin. The settings page lets you enable or disable individual rules and configure their values.
-
What happens when a userÌtumọ̀ Yorùbá: ’s password does not meet the policy?
-
On login, the user is redirected to the password reset form. On password change or registration, a clear error message explains which rules the password does not meet.
-
Does this plugin work with WooCommerce?
-
WooCommerce integration is available in the PRO version. It enforces password policies on WooCommerce login, registration, checkout account creation (including Store API), account details, password change, and password reset forms. It also replaces WooCommerceÌtumọ̀ Yorùbá: ’s built-in password strength meter with your policy rules.
-
Does it work with LMS plugins like LifterLMS, Tutor LMS, or LearnPress?
-
Yes. The PRO version includes integrations for LifterLMS, Tutor LMS, and LearnPress. Password policies are enforced on registration, login, and password change forms within these plugins. See the integrations page for details.
-
Is the plugin compatible with WordPress multisite?
-
Yes. WP Password Policy supports both standard WordPress installations and multisite networks.
-
Can I set different password rules for different user roles?
-
Yes, with the PRO version you can create multiple password policies and assign them to specific user roles or individual users.
-
What is the difference between the free and PRO versions?
-
The free version provides a single global password policy with length, complexity, age, restricted characters, and current password requirements. The PRO version adds per-role and per-user policies, password reuse prevention, a blocklist of over 100,000 common passwords, and integrations with WooCommerce, Ultimate Member, LifterLMS, Tutor LMS, and LearnPress. See the pricing page for details.
Àwọn àgbéyẹ̀wò
Àwọn Olùkópa & Olùgbéejáde
“WP Password Policy” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.
Àwọn Olùkópa
Túmọ̀ “WP Password Policy” sí èdè rẹ.
Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?
Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.
Àkọsílẹ̀ àwọn àyípadà
3.6.1 (2026-03-20)
- Plugin icon and assets updated
- Security hardening Ìtumọ̀ Yorùbá: – added missing escaping
- Dependencies updated
3.6.0 (2026-03-14)
- Abilities API implemented: password policies are now available in WordPress MCP server
- Direct access protection added to all PHP files
- Dependencies updated
- Formatting updates
- Unnecessary translation files removed since these are loaded from WordPress.org
- Do not hardcode
wp-login.phppath for login form - Code improvements
3.5.0 (2026-01-28)
- Support for restricting certain characters in passwords implemented
- Dependencies updated
- Code improvements
3.4.1 (2026-01-12)
- Harden handling of the “allow_password_reset” filter to improve compatibility with third-party plugins
3.4.0 (2025-11-28)
- Compatibility with WordPress 6.9 confirmed
- Dependencies updated
- Code improvements
3.3.0 (2025-09-19)
- New feature: require users to provide their current password before changing it
- New feature: added the ability to exclude certain users from being covered by the password policy (through PHP filter); this is useful when certain users are managed externally and we donÌtumọ̀ Yorùbá: ’t want to enforce the password policy on them (for example: users who log in through an SSO provider)
- Compliance checks against the password policy refactored to avoid having duplicated logic in various modules
- Dependencies updated
- Code improvements
3.2.2 (2025-07-24)
- Dependencies updated
- Code improvements
3.2.1 (2025-07-04)
- PluginÌtumọ̀ Yorùbá: ’s readme.txt file updated
3.2.0 (2025-07-01)
- Network activation process improved
- Password expiry check on user interaction improved
- Automated, conditional logout after plugin settings changes are saved implemented for current user affected by the new policy
- Plugin container loader optimized to avoid duplicated instantiations
- Plugin name updated to avoid confusion, now matching the projectÌtumọ̀ Yorùbá: ’s name
- Dependencies updated
- Code improvements
3.1.1 (2025-04-25)
- Issue with nonce in the password reset form on password expiry fixed
- Settings screen style improvements
- Dependencies updated
- Code improvements
(For older records, see the changelog.txt file).