
Abandoned · Craft-plugin · [Authentication & Authorization](/categories/authentication)

rias/craft-password-policy
==========================

Enforce a password policy on your users.

1.0.5 (6y ago) · [1 issues](https://github.com/riasvdv/craft-password-policy/issues) · [3 PRs](https://github.com/riasvdv/craft-password-policy/pulls) · MIT · PHP · CI passing

[Source](https://github.com/riasvdv/craft-password-policy) · [Packagist](https://packagist.org/packages/rias/craft-password-policy)

Password Policy plugin for Craft CMS 5.x
========================================


The Password Policy plugin is a powerful tool for enforcing secure password policies within your Craft CMS 5 installation. It helps administrators define and manage password rules for users, enhancing security and compliance in multi-user environments.

[![Screenshot](./resources/img/password-policy.jpg)](./resources/img/password-policy.jpg)

Requirements
------------


This plugin requires Craft CMS 5.0.0 or later.

Installation
------------


To install Password Policy, follow these steps:

1. Open your terminal and go to your Craft project:

    ```
    cd /path/to/project
    ```
2. Then tell Composer to load the plugin:

    ```
    composer require craftpulse/craft-password-policy
    ```
3. Install the plugin with `./craft install/plugin password-policy` from the CLI, or in the Control Panel go to Settings → Plugins and click the “Install” button for Password Policy.

You can also install Password Policy via the **Plugin Store** in the Craft Control Panel.

Password Policy works on Craft 5.x.

Configuration options
---------------------


### Minimum Password Length


Define the minimum number of characters a password must contain. Default: `8`

### Complexity Requirements


The following requirements can be enabled in the plugin settings:

- At least one uppercase and lowercase letter
- At least one number
- At least one special character (e.g., !@#$%)

### Password Strength Indicator

A password strength indicator can be enabled to help your users choose a stronger password.

### Content Security Policy (CSP) Nonce Support


For sites with strict Content Security Policy requirements, the plugin supports CSP nonces for the password indicator script. This is useful for CSP policies that require nonces for all external scripts instead of allowing `'self'`. **The plugin does NOT set CSP headers** - you must configure these yourself.

**Note:** Most users don't need this feature. Only enable if you have strict CSP policies that require nonces for external scripts. This should only be activated if it's available on the front-end.

### Have I been pwned?

Enhance your security by ensuring users cannot select a leaked password. The check uses the k-Anonymity method to validate passwords against the Pwned Passwords API, so user privacy is not compromised by revealing passwords to an external service.
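The k-Anonymity lookup described above, as an added example that is not the plugin's own code: only the first five hex characters of the SHA-1 hash go to the Pwned Passwords range endpoint, and the remaining 35 are matched locally. The function names are hypothetical and the sample response is constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

/** @return array{0:string,1:string} [prefix sent to the API, suffix compared locally] */
function hibpSplit(string $password): array
{
    $sha1 = strtoupper(sha1($password));
    return [substr($sha1, 0, 5), substr($sha1, 5)];
}

/** Breach count for $suffix in a range response ("SUFFIX:COUNT" per line); 0 if absent. */
function hibpCount(string $rangeBody, string $suffix): int
{
    foreach (preg_split('/\r?\n/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) === 2 && hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1]; // padded responses carry decoy entries with count 0
        }
    }
    return 0;
}

/** Live lookup against the range endpoint; not called by the offline demo below. */
function hibpFetchRange(string $prefix): string
{
    $ctx = stream_context_create(['http' => [
        'header'  => "Add-Padding: true\r\nUser-Agent: password-policy-example\r\n",
        'timeout' => 5,
    ]]);
    $body = @file_get_contents("https://api.pwnedpasswords.com/range/{$prefix}", false, $ctx);
    if ($body === false) {
        // Decide explicitly whether an outage blocks the password change or lets it through.
        throw new RuntimeException('Pwned Passwords range request failed');
    }
    return $body;
}

// Offline demo with a constructed response: both entries and their counts are made up.
[$prefix, $suffix] = hibpSplit('password');
$constructed = "0018A45C4D1DEF81644B54AB7F969B88D65:0\r\n{$suffix}:42\r\n";
$otherSuffix = hibpSplit('correct horse battery staple')[1];

printf("sent to API: %s (%d of 40 hex chars)\n", $prefix, strlen($prefix));
printf("listed password count: %d\n", hibpCount($constructed, $suffix));
printf("unlisted password count: %d\n", hibpCount($constructed, $otherSuffix));
```

A count above zero means the password appears in the breach corpus and should be rejected; the service only ever sees the five-character prefix, which many unrelated hashes share.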

### Password Retention Features


#### Password Expiration Method

You can set the period, in days, weeks, months or years, after which a password should expire. To make use of this functionality, go to Utilities → Password Retention → Force Reset Passwords. To run this utility from the CLI, for example in a cron job, use `craft password-policy/retention/force-reset-passwords`.

Brought to you by [CraftPulse](https://craft-pulse.com/)
