How to force new WordPress users to reset password on first login

Why force new WordPress users to reset their password?

There are quite a few reasons why you would want to force new users to reset their password upon logging in to your WordPress website for the first time.

New users are prone to using weak passwords. Given the option, users always use weak passwords. So when they receive the user registration email with a password reset link, they will use a weak password. Very few users are security-savvy and use a password manager to store strong passwords.

New user using a weak first password

Another password security problem is that passwords are typically sent over email. For example, when you register as a customer on a WooCommerce store or membership platform, you receive the password over email. Since emails are sent as clear text, it is recommended to force new users to reset their password the first time they log in.

User password sent in clear text over email

How to force new users to change their password the first time they log in to your WordPress website

  1. Install the Password Policy Manager for WordPress plugin.
  2. Navigate to the Password Policies section.
  3. Enable the policy Reset password on first login. Once this policy is enabled, when a user logs in for the first time, the new password they set has to meet all the policies for it to be accepted.

Users are asked to change password on first time login
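
To show the mechanism behind a "reset on first login" policy, here is an added sketch written as a small must-use plugin. It is not the Password Policy Manager plugin's code; the meta key name and the error message are hypothetical, and it does not enforce any password strength rules.

```php
<?php
/**
 * Plugin Name: Force password reset on first login (added example)
 * Illustrative sketch only; not the Password Policy Manager plugin's code.
 */

// Hypothetical meta key: marks accounts that have not yet chosen their own password.
const EXAMPLE_FORCE_RESET_META = 'example_force_password_reset';

// Flag every newly created account.
add_action( 'user_register', function ( $user_id ) {
    update_user_meta( $user_id, EXAMPLE_FORCE_RESET_META, 1 );
} );

// On login, send flagged users to the core reset form instead of the dashboard.
add_action( 'wp_login', function ( $user_login, $user ) {
    if ( ! get_user_meta( $user->ID, EXAMPLE_FORCE_RESET_META, true ) ) {
        return; // Password already changed by the user: normal login.
    }

    // Revoke the session that was just created, so the emailed password
    // grants no access until a new password has been set.
    WP_Session_Tokens::get_instance( $user->ID )->destroy_all();
    wp_clear_auth_cookie();

    $key = get_password_reset_key( $user );
    if ( is_wp_error( $key ) ) {
        // Fail closed: no reset key means no login.
        wp_die( 'Password reset required. Please contact the site administrator.' );
    }

    // Same URL shape that core uses in its password reset emails.
    wp_safe_redirect( network_site_url(
        'wp-login.php?action=rp&key=' . rawurlencode( $key )
            . '&login=' . rawurlencode( $user_login ),
        'login'
    ) );
    exit;
}, 10, 2 );

// Clear the flag once the user has actually completed a password reset.
add_action( 'after_password_reset', function ( $user ) {
    delete_user_meta( $user->ID, EXAMPLE_FORCE_RESET_META );
} );
```

Because the flag is cleared by `after_password_reset`, a user who sets their own password through the link in the registration email before ever logging in is not asked again.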