This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Expire User Passwords


This plugin forces users to change their passwords every 30 days. There is zero configuration.

Please report any bugs to Telegraph Media Group’s github page at This plugin also works in the mu-plugins directory.


“Expire User Passwords”
Copyright (C) 2012 Telegraph Media Group Limited

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see


  • Password has expired


  1. Install via WordPress Plugins administration page.
  2. Activate the plugin.
  3. That’s it. Sorry, were you expecting more?


I’ve found a bug?
  • Please report any bugs to
I want the expiry period to be different from 30 days?
  • In your wp-config.php file, add a define called ‘TMG_AEP_EXPIRY’, and set the value to the number of seconds until you want the log in to expire.
How are WordPress’ log in cookies handled?
  • When a user’s password expires, that user is prevented from being able to log in on your site until they reset their password.
  • If a user has a log in cookie set, and so are already logged in, they can still use your site until that cookie expires or they log out manually. WordPress cookies expire after 2 weeks, so a user account could remain active for 30 days plus 2 weeks.

Contributors & Developers

“Expire User Passwords” is open source software. The following people have contributed to this plugin.




  • First version.