10up-experience icon indicating copy to clipboard operation
10up-experience copied to clipboard

Published 20 hours ago verified publisher icon 10up

Expire Passwords

Open ivanlopez opened this issue 3 years ago • 0 comments

Description of the Change

This feature allows site administrators to enable and configure a site wide password policy. The password policy controls:

  • How many days a password is good for
  • How many days before a password is expired to send users a reminder to reset their password
  • The number of unique passwords a users needs to use before they can repeat a past password
  • The email reminder message sent to soon to expire password users

In the case when a users does not reset their password before it is expired they will be prompted to reset their password before being able to login to WordPress.

Benefits

Users tends to reuse their passwords across multiple sites and services this forces users to constantly be changing their password protecting their account.

Possible Drawbacks

  1. I still need to work at getting network wide option added
  2. Sites that don't have email configured correctly could cause reminder emails to end up in spam

Verification Process

  1. Enable Plugin
  2. Go to Users -> Password Policy
  3. Check the enabled checkbox
  4. Set the Password Expires and the Send Password Reminder fields I recommend using a small number so you don't have to wait as long.
  5. Go to your profile and set a new Password
  6. After that try and set a new password to the one you just added. You should get an error that you can't reuse the same password.
  7. Based on the number days you put in the Send Password Reminder fields you should receive an email reminder with a link to reset your password.
  8. Based on the number days you put in the Password Expires fields as long as you have not reset your password you should be prompted to reset your password when you attempt to login.

Checklist:

  • [x] I have read the CONTRIBUTING document.
  • [x] My code follows the code style of this project.
  • [x] My change requires a change to the documentation.
  • [x] I have updated the documentation accordingly.
  • [ ] I have added tests to cover my change.
  • [ ] All new and existing tests passed.

Changelog Entry

Added new password policy setting allowing site administrators to control password expiration and how often passwords can be repated

ivanlopez avatar Jun 23 '21 13:06 ivanlopez