PHPackages                             percipioglobal/craft-password-policy - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. percipioglobal/craft-password-policy

Abandoned → [craftpulse/craft-password-policy](/?search=craftpulse%2Fcraft-password-policy)Craft-plugin[Security](/categories/security)

percipioglobal/craft-password-policy
====================================

Enforce a password policy on your users.

4.1.0(3y ago)28100.3k↓50%12[1 issues](https://github.com/craftpulse/craft-password-policy/issues)[3 PRs](https://github.com/craftpulse/craft-password-policy/pulls)1MITPHPPHP ^8.0.2

Since Apr 7Pushed 3mo ago1 watchersCompare

[ Source](https://github.com/craftpulse/craft-password-policy)[ Packagist](https://packagist.org/packages/percipioglobal/craft-password-policy)[ RSS](/packages/percipioglobal-craft-password-policy/feed)WikiDiscussions v5 Synced 1mo ago

READMEChangelog (10)Dependencies (2)Versions (23)Used By (1)

Password Policy plugin for Craft CMS 5.x
========================================

[](#password-policy-plugin-for-craft-cms-5x)

The Password Policy plugin is a powerful tool for enforcing secure password policies within your Craft CMS 5 installation. It helps administrators define and manage password rules for users, enhancing security and compliance in multi-user environments.

[![Screenshot](./resources/img/password-policy.jpg)](./resources/img/password-policy.jpg)

Requirements
------------

[](#requirements)

This plugin requires Craft CMS 5.0.0 or later.

Installation
------------

[](#installation)

To install Password Policy, follow these steps:

1. Open your terminal and go to your Craft project:

    ```
     cd /path/to/project

    ```
2. Then tell Composer to load the plugin:

    ```
     composer require craftpulse/craft-password-policy

    ```
3. Install the plugin via `./craft install/plugin password-policy` via the CLI, or in the Control Panel, go to Settings → Plugins and click the “Install” button for Password Policy.

You can also install Password Policy via the **Plugin Store** in the Craft Control Panel.

Password Policy works on Craft 5.x.

Configuration options
---------------------

[](#configuration-options)

### Minimum Password Length

[](#minimum-password-length)

Define the minimum number of characters a password must contain. Default: `8`

### Complexity Requirements

[](#complexity-requirements)

The following requirements can be enabled in the plugin settings:

- At least one uppercase and lowercase letter
- At least one number
- At least one special character (e.g., !@#$%)

### Password Strength Indicator

[](#password-strength-indicator)

A password strength indicator can be enabled to aid your users into choosing a stronger password

### Content Security Policy (CSP) Nonce Support

[](#content-security-policy-csp-nonce-support)

For sites with strict Content Security Policy requirements, the plugin supports CSP nonces for the password indicator script. This is useful for CSP policies that require nonces for all external scripts instead of allowing `'self'`. **The plugin does NOT set CSP headers** - you must configure these yourself.

**Note:** Most users don't need this feature. Only enable if you have strict CSP policies that require nonces for external scripts. This should only be activated if it's available on the front-end.

### Have I been pwned?

[](#have-i-been-pwned)

Enhance your security by ensuring users can not select any leaked password. This employs the k-Anonymity method to validate passwords against the Pwned Passwords API without compromising user privacy by revealing passwords to an external service.

### Password Retention Features

[](#password-retention-features)

#### Password Expiration Method

[](#password-expiration-method)

You can determine the period in days,weeks,months or years when a password should expire. If you want to make use of this functionality, you can find this under Utilities → Password Retention → Force Reset Passwords. Or if you want to use this utility through the CLI for e.g. a cronjob you can use `craft password-policy/retention/force-reset-passwords`.

Brought to you by [CraftPulse](https://craft-pulse.com/)

###  Health Score

51

—

FairBetter than 96% of packages

Maintenance52

Moderate activity, may be stable

Popularity40

Moderate usage in the ecosystem

Community18

Small or concentrated contributor base

Maturity78

Established project with proven stability

 Bus Factor1

Top contributor holds 94.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~146 days

Recently: every ~177 days

Total

16

Last Release

767d ago

Major Versions

1.2.0 → 4.0.0-beta.12022-04-20

v4.x-dev → 5.0.0-beta12024-04-11

### Community

Maintainers

![](https://www.gravatar.com/avatar/9d008342ae63e14503bcee1a019015893578554e4d2cc567a41d87725d870c92?d=identicon)[percipio](/maintainers/percipio)

---

Top Contributors

[![michtio](https://avatars.githubusercontent.com/u/5818021?v=4)](https://github.com/michtio "michtio (51 commits)")[![khalwat](https://avatars.githubusercontent.com/u/7570798?v=4)](https://github.com/khalwat "khalwat (1 commits)")[![niektenhoopen](https://avatars.githubusercontent.com/u/3450011?v=4)](https://github.com/niektenhoopen "niektenhoopen (1 commits)")[![Zae](https://avatars.githubusercontent.com/u/96126?v=4)](https://github.com/Zae "Zae (1 commits)")

---

Tags

securitycmsCraftcraftcmscraft-pluginpasswordsstrong passwords

### Embed Badge

![Health badge](/badges/percipioglobal-craft-password-policy/health.svg)

```
[![Health](https://phpackages.com/badges/percipioglobal-craft-password-policy/health.svg)](https://phpackages.com/packages/percipioglobal-craft-password-policy)
```

###  Alternatives

[craftpulse/craft-password-policy

Password Policy plugin

2826.0k1](/packages/craftpulse-craft-password-policy)[nystudio107/craft-seomatic

SEOmatic facilitates modern SEO best practices &amp; implementation for Craft CMS 5. It is a turnkey SEO system that is comprehensive, powerful, and flexible.

1741.4M46](/packages/nystudio107-craft-seomatic)[verbb/image-resizer

Resize assets when they are uploaded.

127269.1k7](/packages/verbb-image-resizer)[enupal/backup

Fully integrated Backup solution for Craft CMS

1612.5k1](/packages/enupal-backup)[born05/craft-csp

Content Security Policy (or CSP) generator using nonces.

1110.2k](/packages/born05-craft-csp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)