This is not the default behaviour of WordPress.
There must be some code, Plugin or Theme that makes this happen, even if I find it hard to believe that a Plugin or Theme would force a new password everytime you login… so it more likely is a Custom Code.
Have you added some custom code to the Theme’s functions.php file for example? If not, try to figure our if a Plugin, or the Theme is causing this (however as said, it is highly unlikely that a WordPress Theme or Plugin makes this happen).
What I would also try is to (if you can) set up a new user with admin role, and test with that user, to see if it is the same behaviour.
If you cannot find a culprit plugin, Theme, or code, then I am not sure what I would do next – however since this is absolutely certainly not a WordPress default behaviour, I perhaps would contact my host to ask if they have some strange security measures in place.
Also important to know would be, since when this happens. It can be of great help to know since when an issue happens to define what action caused the issue and never that action, to resolve the issue.
Hello, it started a week ago and I didn’t make any changes. I have already renamed all the plug-in folders and the problem persists. I tried to create another user through PhPMyAdmin and his password is also changed.
Then clearly something “happened” a week ago.
You have different options here I think, but I welcome anyone to chime in and perhaps add to the input.
1. Get a backup from back before one week and deploy it, if possible, test and see if it helps
2. Ask your host if they can see anything unusual connected to this behaviour, and wether they perhaps see a reason why this happens
3. Since you say even without code, plugins or theme this issue happens, the last resort I could suggest is to re-install WordPress with the button “Reinstall WordPress” in Dashboard > Updates
Do perform a backup before you do that, just for safety.
I don’t think however it will solve anything since this is not a WordPress “behaviour” but you never know.
I am still pretty sure this is some Custom code, plugin or else (perhaps Server/Host regulations/code) that forces something similar like this https://www.wpwhitesecurity.com/support/kb/require-users-reset-password-first-login/ on your site.
This reply was modified 2 years ago by Beda.
Install the plugin “WordFence” and scan the site for compromised files.