PHPackages craftpulse/craft-password-policy - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. craftpulse/craft-password-policy ActiveCraft-plugin[Security](/categories/security) craftpulse/craft-password-policy ================================ Password Policy plugin 5.1.0(6mo ago)2826.0k—7.9%12[3 PRs](https://github.com/craftpulse/craft-password-policy/pulls)1proprietaryPHPPHP ^8.2.0 Since Apr 7Pushed 3mo ago1 watchersCompare [ Source](https://github.com/craftpulse/craft-password-policy)[ Packagist](https://packagist.org/packages/craftpulse/craft-password-policy)[ RSS](/packages/craftpulse-craft-password-policy/feed)WikiDiscussions v5 Synced 1mo ago READMEChangelog (10)Dependencies (7)Versions (29)Used By (1) Password Policy plugin for Craft CMS 5.x ======================================== [](#password-policy-plugin-for-craft-cms-5x) The Password Policy plugin is a powerful tool for enforcing secure password policies within your Craft CMS 5 installation. It helps administrators define and manage password rules for users, enhancing security and compliance in multi-user environments. [![Screenshot](./resources/img/password-policy.jpg)](./resources/img/password-policy.jpg) Requirements ------------ [](#requirements) This plugin requires Craft CMS 5.0.0 or later. Installation ------------ [](#installation) To install Password Policy, follow these steps: 1. Open your terminal and go to your Craft project: ``` cd /path/to/project ``` 2. Then tell Composer to load the plugin: ``` composer require craftpulse/craft-password-policy ``` 3. Install the plugin via `./craft install/plugin password-policy` via the CLI, or in the Control Panel, go to Settings → Plugins and click the “Install” button for Password Policy. You can also install Password Policy via the **Plugin Store** in the Craft Control Panel. Password Policy works on Craft 5.x. Configuration options --------------------- [](#configuration-options) ### Minimum Password Length [](#minimum-password-length) Define the minimum number of characters a password must contain. Default: `8` ### Complexity Requirements [](#complexity-requirements) The following requirements can be enabled in the plugin settings: - At least one uppercase and lowercase letter - At least one number - At least one special character (e.g., !@#$%) ### Password Strength Indicator [](#password-strength-indicator) A password strength indicator can be enabled to aid your users into choosing a stronger password ### Content Security Policy (CSP) Nonce Support [](#content-security-policy-csp-nonce-support) For sites with strict Content Security Policy requirements, the plugin supports CSP nonces for the password indicator script. This is useful for CSP policies that require nonces for all external scripts instead of allowing `'self'`. **The plugin does NOT set CSP headers** - you must configure these yourself. **Note:** Most users don't need this feature. Only enable if you have strict CSP policies that require nonces for external scripts. This should only be activated if it's available on the front-end. ### Have I been pwned? [](#have-i-been-pwned) Enhance your security by ensuring users can not select any leaked password. This employs the k-Anonymity method to validate passwords against the Pwned Passwords API without compromising user privacy by revealing passwords to an external service. ### Password Retention Features [](#password-retention-features) #### Password Expiration Method [](#password-expiration-method) You can determine the period in days,weeks,months or years when a password should expire. If you want to make use of this functionality, you can find this under Utilities → Password Retention → Force Reset Passwords. Or if you want to use this utility through the CLI for e.g. a cronjob you can use `craft password-policy/retention/force-reset-passwords`. Brought to you by [CraftPulse](https://craft-pulse.com/) ### Health Score 59 — FairBetter than 99% of packages Maintenance73 Regular maintenance activity Popularity41 Moderate usage in the ecosystem Community18 Small or concentrated contributor base Maturity86 Battle-tested with a long release history Bus Factor1 Top contributor holds 94.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~131 days Recently: every ~79 days Total 22 Last Release 202d ago Major Versions 1.2.0 → 4.0.0-beta.12022-04-20 v4.x-dev → 5.0.0-beta12024-04-11 PHP version history (2 changes)4.0.0-beta.1PHP ^8.0.2 5.0.0PHP ^8.2.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/5cc936921e382ceab892ad03aa12acc365be0992e066c72b37004995847ca31e?d=identicon)[craftpulse](/maintainers/craftpulse) --- Top Contributors [![michtio](https://avatars.githubusercontent.com/u/5818021?v=4)](https://github.com/michtio "michtio (51 commits)")[![khalwat](https://avatars.githubusercontent.com/u/7570798?v=4)](https://github.com/khalwat "khalwat (1 commits)")[![niektenhoopen](https://avatars.githubusercontent.com/u/3450011?v=4)](https://github.com/niektenhoopen "niektenhoopen (1 commits)")[![Zae](https://avatars.githubusercontent.com/u/96126?v=4)](https://github.com/Zae "Zae (1 commits)") --- Tags securitycmsCraftcraftcmscraft-pluginpasswordsstrong passwords ### Embed Badge ![Health badge](/badges/craftpulse-craft-password-policy/health.svg) ``` [![Health](https://phpackages.com/badges/craftpulse-craft-password-policy/health.svg)](https://phpackages.com/packages/craftpulse-craft-password-policy) ``` ### Alternatives [nystudio107/craft-seomatic SEOmatic facilitates modern SEO best practices & implementation for Craft CMS 5. It is a turnkey SEO system that is comprehensive, powerful, and flexible. 1741.4M46](/packages/nystudio107-craft-seomatic)[verbb/formie The most user-friendly forms plugin for Craft. 101372.9k40](/packages/verbb-formie)[verbb/vizy A flexible visual editor field for Craft. 4348.6k](/packages/verbb-vizy)[verbb/hyper A user-friendly links field for Craft. 24130.9k9](/packages/verbb-hyper)[verbb/icon-picker A slick field to pick icons from. Supports SVGs, Sprites, Webfonts, Font Awesome and more. 16162.4k4](/packages/verbb-icon-picker)[enupal/backup Fully integrated Backup solution for Craft CMS 1612.5k1](/packages/enupal-backup) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)