Expire Passwords #89

Draft
wants to merge 16 commits into
base: develop

ivanlopez

Description of the Change

This feature allows site administrators to enable and configure a site-wide password policy. The password policy controls:

  • How many days a password is good for
  • How many days before a password is expired to send users a reminder to reset their password
  • The number of unique passwords a user needs to use before they can repeat a past password
  • The email reminder message sent to users with soon-to-expire passwords

In the case where a user does not reset their password before it is expired, they will be prompted to reset their password before being able to log in to WordPress.

Benefits

Users tend to reuse their passwords across multiple sites and services; this forces users to constantly be changing their password, protecting their account.

Possible Drawbacks

  1. I still need to work at getting a network-wide option added
  2. Sites that don't have email configured correctly could cause reminder emails to end up in spam

Verification Process

  1. Enable Plugin
  2. Go to Users -> Password Policy
  3. Check the enabled checkbox
  4. Set the Password Expires and the Send Password Reminder fields. I recommend using a small number so you don't have to wait as long.
  5. Go to your profile and set a new password.
  6. After that, try to set a new password to the one you just added. You should get an error that you can't reuse the same password.
  7. Based on the number of days you put in the Send Password Reminder field, you should receive an email reminder with a link to reset your password.
  8. Based on the number of days you put in the Password Expires field, as long as you have not reset your password, you should be prompted to reset your password when you attempt to log in.

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my change.
  • All new and existing tests passed.

Changelog Entry

Added new password policy setting allowing site administrators to control password expiration and how often passwords can be repeated.

@jeffpaul jeffpaul added this to the Future Release milestone Sep 28, 2022
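
The three checks listed in the PR description (expiry, reminder window, password history), as an added example that is not the plugin's code. The policy keys, function names and sample passwords are hypothetical, and it uses PHP's built-in `password_hash()`/`password_verify()` rather than WordPress's own hashing so that it runs stand-alone.

```php
<?php
declare(strict_types=1);
// Added illustration, not the plugin's code; names and data are hypothetical.

const DAY = 86400;

/** Classify a password by age: 'ok', 'remind' or 'expired'. */
function password_state(int $changedAt, int $now, array $policy): string
{
    $expiresAt = $changedAt + $policy['expires_days'] * DAY;
    if ($now >= $expiresAt) {
        return 'expired'; // caller forces a reset before login completes
    }
    $remindAt = $expiresAt - $policy['reminder_days'] * DAY;
    return $now >= $remindAt ? 'remind' : 'ok';
}

/**
 * True if $candidate matches a remembered password. Only salted hashes are
 * stored, so each entry is checked with password_verify(), not string-compared.
 */
function is_reused(string $candidate, array $history): bool
{
    foreach ($history as $hash) {
        if (password_verify($candidate, $hash)) {
            return true;
        }
    }
    return false;
}

/** Append the new hash, keeping the last history_size entries (assumed >= 1). */
function remember(string $password, array $history, array $policy): array
{
    $history[] = password_hash($password, PASSWORD_DEFAULT);
    return array_slice($history, -$policy['history_size']);
}

$policy  = ['expires_days' => 90, 'reminder_days' => 7, 'history_size' => 3];
$history = [];
foreach (['alpha-1', 'bravo-2', 'charlie-3', 'delta-4'] as $pw) {
    $history = remember($pw, $history, $policy);
}
$changedAt = 1640995200; // constructed: 2022-01-01 00:00:00 UTC

var_dump(is_reused('delta-4', $history)); // still within the last 3 passwords
var_dump(is_reused('alpha-1', $history)); // already dropped from the history
echo password_state($changedAt, $changedAt + 84 * DAY, $policy), "\n";
echo password_state($changedAt, $changedAt + 90 * DAY, $policy), "\n";
```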