Descripción

Enhance your WordPress website’s security by forcing users to reset their passwords.

Password Reset Enforcement is a simple yet powerful security plugin that allows site administrators to require users to update their passwords—ideal after a potential data breach, routine security checks, or during onboarding/offboarding processes.

Features

Force password reset for all users, specific user roles, or individual users.
Optional email notification to users with a direct reset link.
Flexible login behavior:
- Allow login before resetting: users log in with the old password, are immediately prompted to set a new one.
- Block login until reset: users must reset their password before accessing the dashboard.
Choose reset timing:
- Immediately: forces logout and password reset on next login.
- After session expiry: users are asked to reset after their current session ends.
WP-CLI support for command-line password management and automation.
Multisite compatible (network-wide reset only).
Optimized for performance on large-scale and enterprise WordPress installations.

Use Cases

Responding to a security breach or suspected compromise.
Enforcing routine password changes in corporate environments.
Applying onboarding/offboarding security policies for teams or membership sites.

Compatibility

Works on both single-site and multisite (network) WordPress setups.
Supports PHP 7.4+ and WordPress 6.6 through 6.8.
Compatible with modern WordPress admin experience.

WP-CLI Commands

This plugin provides WP-CLI commands for automated password reset management:

Force Password Reset
wp password-reset-enforcement force [–to_all] [–to_roles=] [–to_users=] [–applicability=] [–with_email] [–with_current_password_allowed] [–limit=] [–paged=]

Clear Password Reset Enforcement
wp password-reset-enforcement clear [–to_all] [–to_roles=] [–to_users=] [–limit=] [–paged=]

List Users with Enforced Password Reset
wp password-reset-enforcement list [–limit=] [–paged=]

Check Password Reset Status
wp password-reset-enforcement status [–to_all] [–to_roles=] [–to_users=] [–limit=] [–paged=]

Command Options

--to_all: Target all users on the site
--to_roles=<roles>: Comma-separated list of user roles (e.g., editor,administrator)
--to_users=<user_ids>: Comma-separated list of specific user IDs (e.g., 1,5,10)
--applicability=<when>: When reset takes effect (immediately, after_session_expiry)
--with_email: Send email notifications to affected users (default: true)
--with_current_password_allowed: Allow users to reuse current password (default: false)
--limit=<number>: Maximum users to process in single operation
--paged=<page>: Page number for pagination

Command Examples

wp password-reset-enforcement force --to_all
wp password-reset-enforcement force --to_roles=editor,administrator --applicability=after_session_expiry
wp password-reset-enforcement clear --to_users=1,5,10
wp password-reset-enforcement list --limit=50 --paged=2
wp password-reset-enforcement status --to_all --limit=50 --paged=2<h3>Related Plugins</h3>

Want to go beyond forced password resets? Check our WP Password Policy plugin to enforce strong password rules, block weak passwords, and set automatic expiry policies — so you’ll never need to force a password reset again. [https://wordpress.org/plugins/password-requirements/](Free version available on WordPress.org).

Capturas

Force password reset for all users.
Target users by role, username, or display name.
Process the action.

Instalación

Upload the plugin to the /wp-content/plugins/ directory or install via the WordPress admin panel.
Activate the plugin.
Go to Settings Password Reset Enforcement to initiate resets.

FAQ

Will this log users out immediately?: Only if you choose the “Immediately” option. Otherwise, users will be asked to reset after their current session expires.
Is it compatible with other login plugins or 2FA solutions?: Yes, Password Reset Enforcement is designed for compatibility and works well alongside popular authentication and security plugins.
Can I use this on a WooCommerce site?: Absolutely. Works seamlessly with WooCommerce and other membership or eCommerce platforms.
Does this plugin support WP-CLI?: Yes! The plugin includes comprehensive WP-CLI commands for forcing password resets, clearing enforcement, and checking status. Perfect for automation, server management, and bulk operations.

Reseñas

delemo 24 de junio de 2025 1 respuesta

After suspecting a malicious attempt on my website, I needed to force several administrators to reset their passwords. This plugin made my job much easier.

Miikka 22 de octubre de 2024 1 respuesta

Would like that the user list auto-completes or searches the users. Pressing enter on the settings page turned to page gray without any indication what may have happened. Allow a save button to save settings before executing action.

Leer todas las 2 reseñas

Colaboradores y desarrolladores

«Password Reset Enforcement» es un software de código abierto. Las siguientes personas han colaborado con este plugin.

«Password Reset Enforcement» ha sido traducido a 1 idioma local. Gracias a los traductores por sus contribuciones.

Traduce «Password Reset Enforcement» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

1.11.0 (2025-10-31)

Direct links to force password reset has been added to the Users page along with bulk action
Clear indicators that a password reset has been enforced for a given user has been added to the Users and User Profile screens
User selector component has been improved
WP-CLI commands have been added, allowing power users to force password reset, clear the enforcement, check the status, and list users for whom the password reset has been enforced
Dependencies updated
Code improvements

1.10.2 (2025-05-08)

Plugin links and references to Teydea Studio updated
Dependencies updated

1.10.1 (2025-04-04)

Compatibility with WordPress 6.8 confirmed
Issue of requesting the translated string too early fixed
Dependencies updated
Code improvements

1.10.0 (2025-02-21)

Dependencies updated
Code improvements

1.9.0 (2024-12-13)

Dependencies updated
Code improvements

1.8.0 (2024-11-08)

Custom capabilities for managing the plugin settings implemented
Compatibility with WordPress 6.7 confirmed
Dependencies updated
Code improvements

1.7.2 (2024-10-25)

JS dependency map and tree-shaking optimized

1.7.1 (2024-10-23)

Add missing Cache utility class

1.7.0 (2024-10-17)

Language mapping file added for easier generation of JSON translation files
Language files updated for Polish translation
Add caching to user roles getter function, along with proper cache invalidation, to improve the plugin’s performance
Dependencies updated
Code improvements

1.6.0 (2024-08-30)

Required WordPress core version bumped to 6.6 to use the new React JSX runtime package
Compatibility with older version of PHP (7.4) implemented
Plugin container implementation improved
Plugin settings page implementation improved
Dependencies updated
Code improvements

(For older records, see the changelog.txt file).

Very useful for forcing the reset of passwords for multiple administrators

Some quality of life needed