Password Policy & Complexity Requirements

Description

Password Policy & Complexity Requirements is the ultimate solution for WordPress administrators who want to ensure users always use strong, secure passwords. Protect your site from brute-force attacks, compromised credentials, and weak password practices by setting robust, customizable password policies.

Key benefits:

  • Reduce risk of unauthorized access.
  • Promote strong password hygiene.
  • Comply with security best practices for WordPress, eCommerce, and multisite networks.
  • Simple setup, flexible controls, and seamless integration.

Features at a glance:

  • Enforce minimum password length and complexity.
  • Set password expiration/maximum password age.
  • Prevent use of common, weak passwords (PRO).
  • Support for multisite networks.
  • Support for WooCommerce (PRO).
  • Define policies by user roles or individual users (PRO).
  • Prevent password reuse (PRO).
  • Translation-ready and easy to use.

Discover more at wppasswordpolicy.com.

Why strong password policies matter

Weak passwords are one of the most common causes of WordPress site hacks. By enforcing strong password rules, you reduce the chances of data breaches, unauthorized access, and compliance issues. Whether you run a single blog, manage client sites, or operate a WooCommerce store, this plugin helps you protect your users and business.

Features

Free Features

  • Enforce minimum password length: Set and enforce the minimum number of characters for user passwords.
  • Password complexity requirements: Require a mix of uppercase, lowercase, numbers, special characters, unique characters, and restrict use of parts of the username.
  • Set maximum password age: Force users to update their passwords periodically (e.g., every 30 days).
  • Apply policies globally: Enforce password rules for all users on your site with a single click.
  • Multisite/network support: Compatible with both standard and multisite WordPress installations.
  • Translation-ready: Localize the plugin into any language easily.

PRO Features

  • Prevent password reuse: Block users from reusing their previous passwords—encourage new, unique passwords every time.
  • Custom password policies for user groups: Assign different password rules for admins, editors, WooCommerce customers, or specific usernames.
  • Block common, weak passwords: Over 100,000 common passwords blacklisted—prevent users from choosing easy-to-guess passwords.
  • WooCommerce integration: Enforce password policies on WooCommerce account pages, password reset, and registration forms.
  • Priority support and updates: Get premium email support and frequent updates as a PRO user.

Upgrade and learn more about the PRO version at wppasswordpolicy.com.

Video Tutorial

See the plugin in action:
https://www.youtube.com/watch?v=nHCAiNV9caE

Screenshots

  • Password policy rules overview.
  • Customizable password complexity settings.
  • Enforcement on user password change and reset forms.

Installation

  1. Upload the plugin files to the /wp-content/plugins/password-policy-and-complexity-requirements/ directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress.
  3. Go to the ‘Password Policy & Complexity Requirements’ settings page to configure your desired rules.
  4. Save changes. Your password policy is now active!

FAQ

Does this plugin work with WooCommerce?

Yes! The plugin integrates seamlessly with WooCommerce, enforcing password policies on customer accounts (PRO feature).

Can I set different password rules for different user roles?

Yes, with the PRO version you can assign different policies to administrators, editors, customers, or individual users.

What happens if a user tries to set a weak password?

They will receive a clear error message and guidance to meet the required password policy.

Is the plugin compatible with WordPress Multisite?

Absolutely! You can enforce password policies network-wide or on individual subsites.

How do I prevent users from reusing old passwords?

Upgrade to PRO and enable the “Prevent Password Reuse” feature.

Contributors & Developers

“Password Policy & Complexity Requirements” is open source software.

Changelog

3.1.1 (2025-04-25)

  • Issue with nonce in the password reset form on password expiry fixed
  • Settings screen style improvements
  • Dependencies updated
  • Code improvements

3.1.0 (2025-04-04)

  • Compatibility with WordPress 6.8 confirmed
  • Issue of requesting the translated string too early fixed
  • Ability to configure maximum password length introduced; this helps prevent denial-of-service attacks caused by hashing overly long passwords
  • Dependencies updated
  • Code improvements

3.0.0 (2025-02-21)

  • The scenario where a user’s password does not comply with the policy for reasons other than the minimum age, and the password age is unknown because the user has not changed the password since this plugin was enabled, is now handled correctly
  • Integration with new account registration form improved
  • Password hint generation logic improved
  • Dependencies updated
  • Code improvements

2.7.1 (2024-11-25)

  • Plugin now checks whether the PRO version is activated; if it is, the plugin stops loading itself
  • Uninstall file removed as it was out of date and could conflict with the PRO version of the plugin

2.7.0 (2024-11-08)

  • Custom capabilities for managing the plugin settings implemented
  • Compatibility with WordPress 6.7 confirmed
  • Dependencies updated
  • Code improvements

2.6.1 (2024-10-25)

  • JS dependency map and tree-shaking optimized
  • PHP 7.4 compatibility fixes implemented

2.6.0 (2024-10-17)

  • Fix blog switching bug in WordPress Multisite (Network) installations
  • Add caching to user roles getter function, along with proper cache invalidation, to improve the plugin’s performance
  • Language mapping file added for easier generation of JSON translation files
  • Dependencies updated
  • Code improvements

2.5.0 (2024-08-30)

  • Compatibility with an older version of PHP (7.4) implemented
  • Dependencies updated
  • Code improvements

2.4.0 (2024-08-20)

  • Password reset validation improvements – now rendering a user-friendly error message rather than a “wp_die” screen
  • Password hint logic improved
  • Required WordPress core version bumped to 6.6 to use the new React JSX runtime package
  • Plugin container implementation improved
  • Dependencies updated
  • Code improvements

2.3.0 (2024-07-11)

  • Settings page redesigned
  • Dependencies updated
  • Code improvements

(For older records, see the changelog.txt file.)