PHPackages                             bastibuck/contao-force-password-change - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. bastibuck/contao-force-password-change

ActiveContao-module[Security](/categories/security)

bastibuck/contao-force-password-change
======================================

Force members to change their initial password after first login

1.0.0(8y ago)17783[4 issues](https://github.com/bastibuck/contao-force-password-change/issues)[1 PRs](https://github.com/bastibuck/contao-force-password-change/pulls)LGPL-3.0+PHPPHP &gt;=5.4.0

Since Jul 9Pushed 7y ago2 watchersCompare

[ Source](https://github.com/bastibuck/contao-force-password-change)[ Packagist](https://packagist.org/packages/bastibuck/contao-force-password-change)[ Docs](https://github.com/bastibuck/contao-force-password-change)[ RSS](/packages/bastibuck-contao-force-password-change/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependencies (2)Versions (3)Used By (0)

Contao: Force Password Change
=============================

[](#contao-force-password-change)

Extension for Contao Open Source CMS that forces members to change their password after first login

[![Latest Stable Version](https://camo.githubusercontent.com/e37f893bd4f2d10f5d28a370741dbf38a8ae25b3b8f17416b0ab6e64506dc5cf/68747470733a2f2f706f7365722e707567782e6f72672f62617374696275636b2f636f6e74616f2d666f7263652d70617373776f72642d6368616e67652f762f737461626c65)](https://packagist.org/packages/bastibuck/contao-force-password-change)[![Total Downloads](https://camo.githubusercontent.com/ddab242c292fbd75350e0dc1445f6cea473f076253198e2035572245be9dd817/68747470733a2f2f706f7365722e707567782e6f72672f62617374696275636b2f636f6e74616f2d666f7263652d70617373776f72642d6368616e67652f646f776e6c6f616473)](https://packagist.org/packages/bastibuck/contao-force-password-change)[![License](https://camo.githubusercontent.com/4bc6ec30a0d02796270847923182633b4f365479491ec4520c37bd81ee21489b/68747470733a2f2f706f7365722e707567782e6f72672f62617374696275636b2f636f6e74616f2d666f7263652d70617373776f72642d6368616e67652f6c6963656e7365)](https://packagist.org/packages/bastibuck/contao-force-password-change)

Description
-----------

[](#description)

With this extension you can redirect members to a page as long as they haven't changed the initial password after importing members with a default password or if you want a member to reset the password (e.g. if the admin has reset the password in the BE).

As long as the member hasn't changed the password it will always be redirected to that page (no matter what page of your website the member tries to visit). After changing the password successfully the member will be able to use the internal services as intended.

Installation
------------

[](#installation)

1. Create a new page for the **change password module**
2. Create another (optional) page to redirect the member to after changing the password. Display a simple text e.g. "Password changed" here
3. Create a member group
4. Check and set the "force password change" settings by choosing a jump-to page
5. Assign members to that member group
6. Create a new module of type "Force Password Change"
7. You can add optional headline, description and redirect page
8. Embed the module on the created page members will be redirected

###  Health Score

24

—

LowBetter than 31% of packages

Maintenance0

Infrequent updates — may be unmaintained

Popularity17

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

3278d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/c38cc3c3ddcfb9a637c41c1d27a3a4f0c7f8c99865008829d3342dd1b0e7e19c?d=identicon)[bastibuck](/maintainers/bastibuck)

---

Top Contributors

[![bastibuck](https://avatars.githubusercontent.com/u/6306291?v=4)](https://github.com/bastibuck "bastibuck (8 commits)")

---

Tags

securitypasswordimport

### Embed Badge

![Health badge](/badges/bastibuck-contao-force-password-change/health.svg)

```
[![Health](https://phpackages.com/badges/bastibuck-contao-force-password-change/health.svg)](https://phpackages.com/packages/bastibuck-contao-force-password-change)
```

###  Alternatives

[rych/phpass

PHP Password Library: Easy, secure password management for PHP

248837.5k4](/packages/rych-phpass)[bordoni/phpass

Portable PHP password hashing framework

244.6M28](/packages/bordoni-phpass)[jeremykendall/password-validator

Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords.

14270.3k3](/packages/jeremykendall-password-validator)[mxrxdxn/pwned-passwords

A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

3377.0k4](/packages/mxrxdxn-pwned-passwords)[spooner-web/be_secure_pw

You can set password conventions to force secure passwords for BE users.

10464.5k](/packages/spooner-web-be-secure-pw)[firehed/security

Security tools for PHP

2276.3k2](/packages/firehed-security)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
