{"id":114075,"date":"2019-12-03T00:58:07","date_gmt":"2019-12-03T00:58:07","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/expire-user-passwords\/"},"modified":"2026-02-17T09:27:14","modified_gmt":"2026-02-17T09:27:14","slug":"expire-user-passwords","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/expire-user-passwords\/","author":9374780,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.4.2","stable_tag":"1.4.2","tested":"6.9.4","requires":"4.0","requires_php":"8.1","requires_plugins":null,"header_name":"Expire User Passwords","header_author":"Miller Media","header_description":"Require certain users to change their passwords on a regular basis.","assets_banners_color":"cccccc","last_updated":"2026-02-17 09:27:14","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/mattmiller.ai","rating":4.2,"author_block_rating":0,"active_installs":3000,"downloads":58530,"num_ratings":5,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"MillerMediaNow","date":"2019-12-03 01:03:32"},"1.1.0":{"tag":"1.1.0","author":"MillerMediaNow","date":"2020-02-15 10:18:14"},"1.1.1":{"tag":"1.1.1","author":"MillerMediaNow","date":"2020-08-14 07:46:58"},"1.1.2":{"tag":"1.1.2","author":"MillerMediaNow","date":"2022-05-04 19:33:40"},"1.2":{"tag":"1.2","author":"MillerMediaNow","date":"2022-05-04 20:01:18"},"1.3":{"tag":"1.3","author":"MillerMediaNow","date":"2022-09-27 18:42:48"},"1.3.1":{"tag":"1.3.1","author":"MillerMediaNow","date":"2022-10-01 05:07:34"},"1.3.2":{"tag":"1.3.2","author":"MillerMediaNow","date":"2026-02-08 22:45:27"},"1.3.3":{"tag":"1.3.3","author":"MillerMediaNow","date":"2026-02-09 16:30:31"},"1.3.4":{"tag":"1.3.4","author":"MillerMediaNow","date":"2026-02-09 19:50:59"},"1.3.5":{"tag":"1.3.5","author":"MillerMediaNow","date":"2026-02-09 21:15:29"},"1.3.6":{"tag":"1.3.6","author":"MillerMediaNow","date":"2026-02-10 00:12:40"},"1.3.7":{"tag":"1.3.7","author":"MillerMediaNow","date":"2026-02-10 01:00:28"},"1.3.8":{"tag":"1.3.8","author":"MillerMediaNow","date":"2026-02-10 06:42:37"},"1.3.9":{"tag":"1.3.9","author":"MillerMediaNow","date":"2026-02-12 21:54:27"},"1.4.0":{"tag":"1.4.0","author":"MillerMediaNow","date":"2026-02-16 17:49:38"},"1.4.1":{"tag":"1.4.1","author":"MillerMediaNow","date":"2026-02-17 06:53:14"},"1.4.2":{"tag":"1.4.2","author":"MillerMediaNow","date":"2026-02-17 09:27:14"}},"upgrade_notice":[],"ratings":{"1":0,"2":1,"3":0,"4":1,"5":3},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2204928,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":2204928,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":2204933,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":2204933,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.1.1","1.1.2","1.2","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":2204928,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":2204928,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":2204928,"resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"Configure which user roles should be required to regularly reset their passwords and how often.","2":"Users with expired passwords are redirected to the password reset screen upon sign in.","3":"Users are not permitted to use the same password two times in a row during reset."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[602,1932,8588,600,1917],"plugin_category":[38,43,58],"plugin_contributors":[77890,176977,153151],"plugin_business_model":[],"class_list":["post-114075","plugin","type-plugin","status-publish","hentry","plugin_tags-login","plugin_tags-membership","plugin_tags-passwords","plugin_tags-security","plugin_tags-users","plugin_category-authentication","plugin_category-customization","plugin_category-user-management","plugin_contributors-fjarrett","plugin_contributors-millermediadev","plugin_contributors-millermedianow","plugin_committers-millermedianow"],"banners":{"banner":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/banner-772x250.png?rev=2204933","banner_2x":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/banner-1544x500.png?rev=2204933","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/icon-128x128.png?rev=2204928","icon_2x":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/icon-256x256.png?rev=2204928","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/screenshot-1.png?rev=2204928","caption":"Configure which user roles should be required to regularly reset their passwords and how often."},{"src":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/screenshot-2.png?rev=2204928","caption":"Users with expired passwords are redirected to the password reset screen upon sign in."},{"src":"https:\/\/ps.w.org\/expire-user-passwords\/assets\/screenshot-3.png?rev=2204928","caption":"Users are not permitted to use the same password two times in a row during reset."}],"raw_content":"<!--section=description-->\n<p>Note: This is a forked version of the now unsupported <a href=\"https:\/\/wordpress.org\/plugins\/expire-passwords\/\">Expire Passwords<\/a> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository <a href=\"https:\/\/github.com\/Miller-Media\/expire-passwords\">Expire Passwords<\/a> on GitHub<\/p>\n\n<p><strong>Did you find this plugin helpful? Please consider <a href=\"https:\/\/wordpress.org\/support\/view\/plugin-reviews\/expire-user-passwords\">leaving a 5-star review<\/a>.<\/strong><\/p>\n\n<p>Harden the security of your site by preventing unauthorized access to stale user accounts.<\/p>\n\n<p>This plugin is also ideal for sites needing to meet certain industry security compliances - such as government, banking or healthcare.<\/p>\n\n<p>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).<\/p>\n\n<p><strong>Languages supported:<\/strong><\/p>\n\n<ul>\n<li>Albanian (Shqip)<\/li>\n<li>Arabic (\u0627\u0644\u0639\u0631\u0628\u064a\u0629)<\/li>\n<li>Armenian (\u0540\u0561\u0575\u0565\u0580\u0565\u0576)<\/li>\n<li>Basque (Euskara)<\/li>\n<li>Bengali (\u09ac\u09be\u0982\u09b2\u09be)<\/li>\n<li>Bulgarian (\u0411\u044a\u043b\u0433\u0430\u0440\u0441\u043a\u0438)<\/li>\n<li>Catalan (Catal\u00e0)<\/li>\n<li>Chinese Simplified (\u7b80\u4f53\u4e2d\u6587)<\/li>\n<li>Croatian (Hrvatski)<\/li>\n<li>Czech (\u010ce\u0161tina)<\/li>\n<li>Danish (Dansk)<\/li>\n<li>Dutch (Nederlands)<\/li>\n<li>Estonian (Eesti)<\/li>\n<li>Finnish (Suomi)<\/li>\n<li>French (Fran\u00e7ais)<\/li>\n<li>Galician (Galego)<\/li>\n<li>Georgian (\u10e5\u10d0\u10e0\u10d7\u10e3\u10da\u10d8)<\/li>\n<li>German (Deutsch)<\/li>\n<li>Greek (\u0395\u03bb\u03bb\u03b7\u03bd\u03b9\u03ba\u03ac)<\/li>\n<li>Hebrew (\u05e2\u05d1\u05e8\u05d9\u05ea)<\/li>\n<li>Hindi (\u0939\u093f\u0928\u094d\u0926\u0940)<\/li>\n<li>Hungarian (Magyar)<\/li>\n<li>Indonesian (Bahasa Indonesia)<\/li>\n<li>Irish (Gaeilge)<\/li>\n<li>Italian (Italiano)<\/li>\n<li>Japanese (\u65e5\u672c\u8a9e)<\/li>\n<li>Korean (\ud55c\uad6d\uc5b4)<\/li>\n<li>Latvian (Latvie\u0161u)<\/li>\n<li>Lithuanian (Lietuvi\u0173)<\/li>\n<li>Macedonian (\u041c\u0430\u043a\u0435\u0434\u043e\u043d\u0441\u043a\u0438)<\/li>\n<li>Norwegian (Norsk)<\/li>\n<li>Persian (\u0641\u0627\u0631\u0633\u06cc)<\/li>\n<li>Persian - Afghanistan (\u062f\u0631\u06cc)<\/li>\n<li>Polish (Polski)<\/li>\n<li>Portuguese - Brazil (Portugu\u00eas do Brasil)<\/li>\n<li>Portuguese - Portugal (Portugu\u00eas)<\/li>\n<li>Romanian (Rom\u00e2n\u0103)<\/li>\n<li>Russian (\u0420\u0443\u0441\u0441\u043a\u0438\u0439)<\/li>\n<li>Serbian (\u0421\u0440\u043f\u0441\u043a\u0438)<\/li>\n<li>Slovak (Sloven\u010dina)<\/li>\n<li>Slovenian (Sloven\u0161\u010dina)<\/li>\n<li>Spanish (Espa\u00f1ol)<\/li>\n<li>Swedish (Svenska)<\/li>\n<li>Tamil (\u0ba4\u0bae\u0bbf\u0bb4\u0bcd)<\/li>\n<li>Thai (\u0e44\u0e17\u0e22)<\/li>\n<li>Turkish (T\u00fcrk\u00e7e)<\/li>\n<li>Ukrainian (\u0423\u043a\u0440\u0430\u0457\u043d\u0441\u044c\u043a\u0430)<\/li>\n<li>Urdu (\u0627\u0631\u062f\u0648)<\/li>\n<li>Vietnamese (Ti\u1ebfng Vi\u1ec7t)<\/li>\n<li>Welsh (Cymraeg)<\/li>\n<\/ul>\n\n<p><strong>Development of this plugin is done <a href=\"https:\/\/github.com\/Miller-Media\/expire-passwords\">on GitHub<\/a>. Pull requests welcome. Please see <a href=\"https:\/\/github.com\/Miller-Media\/expire-passwords\/issues\">issues reported<\/a> there before going to the plugin forum.<\/strong><\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"what%20happens%20to%20existing%20users%20when%20i%20first%20install%20the%20plugin%3F\"><h3>What happens to existing users when I first install the plugin?<\/h3><\/dt>\n<dd><p>Existing users are <strong>not<\/strong> immediately expired. The plugin tracks each user's last password reset date. Users who have never reset their password have no recorded date, so they are treated as not expired. The expiration clock only starts once a user registers or resets their password after the plugin is active.<\/p><\/dd>\n<dt id=\"how%20can%20i%20hide%20the%20settings%20page%20from%20certain%20roles%3F\"><h3>How can I hide the settings page from certain roles?<\/h3><\/dt>\n<dd><p>The plugin provides a <code>eup_submenu_access<\/code> filter to control which capability is required to see the settings page. By default it requires <code>manage_options<\/code>. To restrict it to only administrators, add this to your theme's <code>functions.php<\/code>:<\/p>\n\n<pre><code>add_filter( 'eup_submenu_access', function() { return 'manage_network'; } );\n<\/code><\/pre>\n\n<p>Or use any capability that only your desired role has. This is useful when custom roles have <code>manage_options<\/code> for other purposes but should not access the Expire User Passwords settings.<\/p><\/dd>\n<dt id=\"what%20is%20the%20default%20password%20expiration%20period%3F\"><h3>What is the default password expiration period?<\/h3><\/dt>\n<dd><p>The default is 90 days. You can change this in Settings &gt; Expire Passwords to any value between 1 and 365 days.<\/p><\/dd>\n<dt id=\"which%20user%20roles%20are%20affected%20by%20default%3F\"><h3>Which user roles are affected by default?<\/h3><\/dt>\n<dd><p>By default, all non-Administrator roles are required to reset their passwords. You can customize which roles are affected in the plugin settings.<\/p><\/dd>\n<dt id=\"can%20users%20reuse%20their%20old%20password%3F\"><h3>Can users reuse their old password?<\/h3><\/dt>\n<dd><p>No. When a user's password expires and they are prompted to reset it, they cannot use the same password they had before.<\/p><\/dd>\n<dt id=\"what%20php%20and%20wordpress%20versions%20are%20supported%3F\"><h3>What PHP and WordPress versions are supported?<\/h3><\/dt>\n<dd><p>The plugin requires PHP 8.1 or higher and has been tested up to WordPress 6.9.1. It requires WordPress 4.0 at minimum.<\/p><\/dd>\n<dt id=\"what%20languages%20are%20supported%3F\"><h3>What languages are supported?<\/h3><\/dt>\n<dd><p>The plugin is available in 50 languages!<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.4.2<\/h4>\n\n<ul>\n<li>Added sanitization callback to register_setting()<\/li>\n<li>Added translators comment and fixed singular placeholder in _n() call<\/li>\n<li>Removed .gitmodules and .travis.yml from plugin directory<\/li>\n<li>Updated \"Tested up to\" to 6.9<\/li>\n<\/ul>\n\n<h4>1.4.1<\/h4>\n\n<ul>\n<li>Added GPL license declaration to plugin header<\/li>\n<li>Updated Author URI<\/li>\n<li>Added direct file access protection to all PHP files<\/li>\n<li>Improved output escaping and input sanitization<\/li>\n<li>Removed non-production files from plugin directory<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Added translations for 50 languages<\/li>\n<li>Added POT translation template file<\/li>\n<li>Added opt-in data cleanup on plugin deletion<\/li>\n<li>Updated FAQ section<\/li>\n<li>Updated readme with complete language list<\/li>\n<\/ul>\n\n<h4>1.3.9<\/h4>\n\n<ul>\n<li>Added translations for Russian, Polish, Dutch, Turkish, and Swedish<\/li>\n<li>Updated localization section in readme<\/li>\n<\/ul>\n\n<h4>1.3.8<\/h4>\n\n<ul>\n<li>Added Chinese Simplified (zh_CN) translation<\/li>\n<\/ul>\n\n<h4>1.3.7<\/h4>\n\n<ul>\n<li>Added Japanese (ja) translation<\/li>\n<\/ul>\n\n<h4>1.3.6<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.9.1<\/li>\n<\/ul>\n\n<h4>1.3.5<\/h4>\n\n<ul>\n<li>Added dismissible review prompt notice after 14 days of usage<\/li>\n<li>Removed non-dismissible footer review prompt from settings page<\/li>\n<\/ul>\n\n<h4>1.3.4<\/h4>\n\n<ul>\n<li>Added translations for Spanish, French, German, Portuguese (Brazilian), and Italian<\/li>\n<\/ul>\n\n<h4>1.3.3<\/h4>\n\n<ul>\n<li>Added FAQ section documenting first-install behavior and settings page access control<\/li>\n<\/ul>\n\n<h4>1.3.2<\/h4>\n\n<ul>\n<li>Compatibility updates for WordPress 6.9 and PHP 8.1+<\/li>\n<li>Replaced deprecated FILTER_SANITIZE_STRING usage<\/li>\n<\/ul>\n\n<h4>1.3.1 - September 30, 2022<\/h4>\n\n<ul>\n<li>Support for PHP 7.2 and older<\/li>\n<\/ul>\n\n<h4>1.3 - September 27, 2022<\/h4>\n\n<ul>\n<li>Added ability for users to reset their expired password from the login screen<\/li>\n<li>Added Dutch translation<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/janwoostendorp\">@janwoostendorp<\/a><\/p>\n\n<h4>1.2 - May 4, 2022<\/h4>\n\n<ul>\n<li>Added 'eup_submenu_access' filter for greater control to access of plugin settings<\/li>\n<\/ul>\n\n<h4>1.1.0 - February 15, 2020<\/h4>\n\n<ul>\n<li>Fix: Updated namespace issues that caused critical errors when installing<\/li>\n<li>Tweak: Tested support for WordPress 5.3.2<\/li>\n<\/ul>\n\n<h4>1.0.0 - November 7, 2019<\/h4>\n\n<ul>\n<li>New: Indicate support for WordPress 5.3<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/Miller-Media\">@Miller-Media<\/a><\/p>\n\n<h4>0.6.0 - January 5, 2017<\/h4>\n\n<ul>\n<li>Fix: Expiration not updating when resetting a password via email confirmation link.<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>\n\n<h4>0.5.0 - December 23, 2016<\/h4>\n\n<ul>\n<li>Tweak: Indicate support for WordPress 4.7 and require at least 4.0.<\/li>\n<li>Fix: Selected user roles in plugin settings not always being honored.<\/li>\n<li>Fix: Destroy all sessions after login with an expired password.<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>\n\n<h4>0.4.0 - April 13, 2016<\/h4>\n\n<ul>\n<li>New: Indicate support for WordPress 4.5.<\/li>\n<li>Tweak: Bring back PHP 5.2 compatibility.<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>\n\n<h4>0.3.0 - July 9, 2015<\/h4>\n\n<ul>\n<li>New: Language support for Czech<\/li>\n<li>Tweak: Optimizations requiring PHP 5.3 or higher<\/li>\n<li>Fix: User role array error before options exist<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a>, <a href=\"https:\/\/github.com\/dero\">@dero<\/a><\/p>\n\n<h4>0.2.2 - July 2, 2015<\/h4>\n\n<ul>\n<li>New: Language support for Espa\u00f1ol<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>\n\n<h4>0.2.1 - July 2, 2015<\/h4>\n\n<ul>\n<li>Fix: Fatal undefined function error occuring in some cases (<a href=\"https:\/\/github.com\/fjarrett\/expire-passwords\/issues\/3\">#3<\/a>)<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>\n\n<h4>0.2.0 - April 29, 2015<\/h4>\n\n<ul>\n<li>New: Disallow using the same password as before on reset (<a href=\"https:\/\/github.com\/fjarrett\/expire-passwords\/issues\/1\">#1<\/a>)<\/li>\n<li>Tweak: Use default if limit is set to greater than 365 days<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>\n\n<h4>0.1.0 - April 28, 2015<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<\/ul>\n\n<p>Props <a href=\"https:\/\/github.com\/fjarrett\">@fjarrett<\/a><\/p>","raw_excerpt":"Require certain users to change their passwords on a regular basis.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/114075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=114075"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/millermedianow"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=114075"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=114075"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=114075"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=114075"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=114075"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=114075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}