This feature allows site administrators to enable and configure a site wide password policy. The password policy controls:
How many days a password is good for
How many days before a password is expired to send users a reminder to reset their password
The number of unique passwords a users needs to use before they can repeat a past password
The email reminder message sent to soon to expire password users
In the case when a users does not reset their password before it is expired they will be prompted to reset their password before being able to login to WordPress.
Benefits
Users tends to reuse their passwords across multiple sites and services this forces users to constantly be changing their password protecting their account.
Possible Drawbacks
I still need to work at getting network wide option added
Sites that don't have email configured correctly could cause reminder emails to end up in spam
Verification Process
Enable Plugin
Go to Users -> Password Policy
Check the enabled checkbox
Set the Password Expires and the Send Password Reminder fields I recommend using a small number so you don't have to wait as long.
Go to your profile and set a new Password
After that try and set a new password to the one you just added. You should get an error that you can't reuse the same password.
Based on the number days you put in the Send Password Reminder fields you should receive an email reminder with a link to reset your password.
Based on the number days you put in the Password Expires fields as long as you have not reset your password you should be prompted to reset your password when you attempt to login.
Description of the Change
This feature allows site administrators to enable and configure a site wide password policy. The password policy controls:
In the case when a users does not reset their password before it is expired they will be prompted to reset their password before being able to login to WordPress.
Benefits
Users tends to reuse their passwords across multiple sites and services this forces users to constantly be changing their password protecting their account.
Possible Drawbacks
Verification Process
Password Expires
and theSend Password Reminder
fields I recommend using a small number so you don't have to wait as long.Send Password Reminder
fields you should receive an email reminder with a link to reset your password.Password Expires
fields as long as you have not reset your password you should be prompted to reset your password when you attempt to login.Checklist:
Changelog Entry
Added new password policy setting allowing site administrators to control password expiration and how often passwords can be repated