10up / 10up-experience

The 10up Experience plugin configures WordPress to better protect and inform clients, aligned to 10up’s best practices.
GNU General Public License v2.0

Expire Passwords #89

Open ivanlopez opened 3 years ago

ivanlopez commented 3 years ago

Description of the Change

This feature allows site administrators to enable and configure a site-wide password policy. The password policy controls:

In the case when a user does not reset their password before it is expired, they will be prompted to reset their password before being able to log in to WordPress.

Benefits

Users tend to reuse their passwords across multiple sites and services. This forces users to constantly be changing their password, protecting their account.

Possible Drawbacks

  1. I still need to work at getting a network-wide option added
  2. Sites that don't have email configured correctly could cause reminder emails to end up in spam

Verification Process

  1. Enable Plugin
  2. Go to Users -> Password Policy
  3. Check the enabled checkbox
  4. Set the Password Expires and the Send Password Reminder fields. I recommend using a small number so you don't have to wait as long.
  5. Go to your profile and set a new Password
  6. After that try and set a new password to the one you just added. You should get an error that you can't reuse the same password.
  7. Based on the number of days you put in the Send Password Reminder field, you should receive an email reminder with a link to reset your password.
  8. Based on the number of days you put in the Password Expires field, as long as you have not reset your password, you should be prompted to reset your password when you attempt to log in.

Checklist:

Changelog Entry

Added new password policy setting allowing site administrators to control password expiration and how often passwords can be repeated.
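
The policy described in this pull request reduces to two checks: whether a password has aged past its expiry or into the reminder window, and whether a new password matches a remembered hash. The sketch below is an added example, not code from this PR or the 10up Experience plugin; the constant and function names, the history size, and the reading of Send Password Reminder as "days before expiry" are assumptions.

```php
<?php
// Added illustration: not code from the 10up Experience plugin or this PR.
// All names, values and the reminder semantics below are assumptions.
declare(strict_types=1);

const EXPIRES_DAYS  = 90; // hypothetical "Password Expires" value
const REMINDER_DAYS = 7;  // hypothetical "Send Password Reminder" value
const HISTORY_SIZE  = 5;  // hypothetical number of remembered passwords

/** Returns 'expired', 'remind' or 'ok' for a password set at $changedAt. */
function password_state(DateTimeImmutable $changedAt, DateTimeImmutable $now): string
{
    $expiresAt = $changedAt->modify('+' . EXPIRES_DAYS . ' days');
    if ($now >= $expiresAt) {
        return 'expired'; // login must be blocked until the password is reset
    }
    $remindAt = $expiresAt->modify('-' . REMINDER_DAYS . ' days');
    return $now >= $remindAt ? 'remind' : 'ok';
}

/** True if $candidate matches any stored hash; plaintext is never kept. */
function is_reused(string $candidate, array $hashHistory): bool
{
    foreach ($hashHistory as $hash) {
        if (password_verify($candidate, $hash)) {
            return true;
        }
    }
    return false;
}

/** Rejects a reused password, else appends its hash and trims the history. */
function record_password(string $new, array $hashHistory): array
{
    if (is_reused($new, $hashHistory)) {
        throw new InvalidArgumentException('Password was used before.');
    }
    $hashHistory[] = password_hash($new, PASSWORD_DEFAULT);
    return array_slice($hashHistory, -HISTORY_SIZE);
}

// Constructed sample data: one password set on 2024-01-01.
$history = record_password('first-Passphrase-1', []);
$setOn   = new DateTimeImmutable('2024-01-01');
echo password_state($setOn, new DateTimeImmutable('2024-03-26')), "\n";
echo password_state($setOn, new DateTimeImmutable('2024-03-31')), "\n";
var_dump(is_reused('first-Passphrase-1', $history));
```

Because the history holds salted hashes, the reuse check has to verify the candidate against each entry in turn rather than compare hash strings directly.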