Password Reset Enforcement

الوصف

Enhance your WordPress website’s security by forcing users to reset their passwords.

Password Reset Enforcement is a simple yet powerful security plugin that allows site administrators to require users to update their passwords—ideal after a potential data breach, routine security checks, or during onboarding/offboarding processes.

Features

• Force password reset for all users, specific user roles, or individual users.
• Optional email notification to users with a direct reset link.
• Flexible login behavior:
  • Allow login before resetting: users log in with the old password, are immediately prompted to set a new one.
  • Block login until reset: users must reset their password before accessing the dashboard.
• Choose reset timing:
  • Immediately: forces logout and password reset on next login.
  • After session expiry: users are asked to reset after their current session ends.
• WP-CLI support for command-line password management and automation.
• Multisite compatible (network-wide reset only).
• Optimized for performance on large-scale and enterprise WordPress installations.

Use Cases

• Responding to a security breach or suspected compromise.
• Enforcing routine password changes in corporate environments.
• Applying onboarding/offboarding security policies for teams or membership sites.

Compatibility

• Works on both single-site and multisite (network) WordPress setups.
• Supports PHP 7.4+ and WordPress 6.6 through 6.8.
• Compatible with modern WordPress admin experience.

WP-CLI Commands

This plugin provides WP-CLI commands for automated password reset management:

Force Password Reset
wp password-reset-enforcement force [–to_all] [–to_roles=] [–to_users=] [–applicability=] [–with_email] [–with_current_password_allowed] [–limit=] [–paged=]

Clear Password Reset Enforcement
wp password-reset-enforcement clear [–to_all] [–to_roles=] [–to_users=] [–limit=] [–paged=]

List Users with Enforced Password Reset
wp password-reset-enforcement list [–limit=] [–paged=]

Check Password Reset Status
wp password-reset-enforcement status [–to_all] [–to_roles=] [–to_users=] [–limit=] [–paged=]

Command Options

• --to_all: Target all users on the site
• --to_roles=<roles>: Comma-separated list of user roles (e.g., editor,administrator)
• --to_users=<user_ids>: Comma-separated list of specific user IDs (e.g., 1,5,10)
• --applicability=<when>: When reset takes effect (immediately, after_session_expiry)
• --with_email: Send email notifications to affected users (default: true)
• --with_current_password_allowed: Allow users to reuse current password (default: false)
• --limit=<number>: Maximum users to process in single operation
• --paged=<page>: Page number for pagination

Command Examples

wp password-reset-enforcement force --to_all
wp password-reset-enforcement force --to_roles=editor,administrator --applicability=after_session_expiry
wp password-reset-enforcement clear --to_users=1,5,10
wp password-reset-enforcement list --limit=50 --paged=2
wp password-reset-enforcement status --to_all --limit=50 --paged=2<h3>Related Plugins</h3>

Want to go beyond forced password resets? Check our WP Password Policy plugin to enforce strong password rules, block weak passwords, and set automatic expiry policies — so you’ll never need to force a password reset again. [https://wordpress.org/plugins/password-requirements/](Free version available on WordPress.org).