Please add 'Enforce strong passwords' and 'Password Expiry' to the core

These 2 features are often included in bigger plugins (Wordfence, iThemes Security, etc) but they should be core features so new users have to use them from the outset. Thanks!

Read-only archive:

Author: Martin Malden

Vote count: 30

Status: open


  • request-add-feature
  • difficulty-easy


This is 2 separate requests based on 2 different principles.

All the evidence seems to suggest that:

  1. Websites’ strong password algorithms are all very well but there are other (easier to remember) ways of making strong passwords that may not get past a restrictive algorithm
  2. Password expiry works against having strong passwords

I’d be in favour of a minimum length but that’s all.


Me too.

Requiring “strong” passwords, such as those with numbers and other symbols, would also require that users use a password manager, and not everyone does that.

Enforced password expiry is also a hassle for those who doesn’t want this feature.


The consensus is that both enforcing strong passwords and password expiry go against security recommendations. But, there is support for minimum length. This petition will be closed, but a new petition for minimum length will be created.

1 Like

This topic was automatically closed after 3 days. New replies are no longer allowed.