This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Password Rules


This simple plugin allows the WordPress site administrator to enforce minimal password requirements on its user. You can specify a minimal password length. You can also demand that users input uppercase characters, digits or special characters. This only effects password changes. Existing passwords will not be validated.


  • Settings page.


  1. Drop the ‘password_rules’ folder in your plugin directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Set your desired password requirements in Settings/Password Rules


What are the default password requirements impose by WordPress?

Anything except an empty string can be use as a password in an out of the box WordPress installation.

Why should I care about the password of my users?

Short passwords using a small character set are vulnerable to brute force attacks. Also, IT deparements in large organisations will often request minimal security requirements before deploying an app; this extension can help you cut throught the red tape.

What about existing users?

WordPress hashes passwords before storing them in its database. You can not determined the original password from its hashed. So it’s impossible to validate existing password to see if they meet your requirements. This extension will only validates passwords when the user updates his profile.

Contributors & Developers

“Password Rules” is open source software. The following people have contributed to this plugin.


Translate “Password Rules” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Initial release.


  • Corrected bug that prevented translations from being displayed.


  • Very minor correction to translation in French.