Why force new WordPress users to reset their password?

There are quite a few reasons why you would want to force new users to reset their password upon logging in to your WordPress website for the first time.

New users are prone to using weak passwords. Given the option, users are more likely to use weak passwords since they are easy to remember. This can expose your WordPress website to additional security risks, which you can easily eliminate with MelaPress Login Security.

Another password security issue is that passwords are typically sent over email. For example, when you register as a customer on a WooCommerce store or membership platform, you receive the password over email. As such, forcing a new password on the first login can help you mitigate that risk.

User password sent in clear text over email

How to force new users to change their password the first time they login to your WordPress website

1. Install MelaPress Login Security
2. Navigate to Login Security > Login Security Policies
3. Navigate to the policy you would like this to apply to
4. Enable the Reset password on first login option.

Once this setting is enabled, when a user logs in for the first time, their password has to meet the applicable password policy for it to be accepted.