How can I force a specific password?

You can use this code in your functions.php to restrict users below admin level from changing their passwords:

if ( is_admin() ) {
  add_action( 'init', 'disable_password_fields', 10 );
}

function disable_password_fields() {
  if ( ! current_user_can( 'activate_plugins' ) ) {
    $show_password_fields = add_filter( 'show_password_fields', '__return_false' );
  }
}

The admin should probably register each user manually if possible and select a strong password for them.

Edit – Changed user level check. Syntax.

Related Posts:

  1. Where to securely store API keys and passwords in WordPress?
  2. Why are passwords exportable as plain text in WordPress?
  3. How is password strength calculated?
  4. Make password invalid once logged out of password-protected page
  5. Can’t reset WordPress password
  6. Is the “lost password” feature truly a vulnerability?
  7. Frontend Password change
  8. Is it possible to reduce the minimum character length for passwords?
  9. Is there any point setting the keys and salts in wp-config.php?
  10. When is wp_set_password() called or how to capture a password
  11. Moving away from MD5: Where to declare the custom global $wp_hasher?
  12. How to get WordPress to send Password Reset Link Email instead of New Password?
  13. Basic password protection without using users and roles
  14. Can a WordPress administrator see other users’ passwords?
  15. After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
  16. Password-protect feed and make it usable in major aggregators
  17. Could a user account with a stolen password compromised entire WP site?
  18. How to set custom validation for WordPress Passwords?
  19. Is my WP site being hacked?
  20. How to get real password (before encrypt) when register a user?
  21. Directory to store secure file
  22. Can you alter the default wordpress strong password requirements?
  23. What’s the best approach for generating a new API key?
  24. Simplest two-way encryption using PHP
  25. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  26. how fix “this certificate cannot be verified up to a trusted certification authority”
  27. How can bcrypt have built-in salts?
  28. Getting a List of Currently Available Roles on a WordPress Site?
  29. Prevent access or auto-delete readme.html, license.txt, wp-config-sample.php
  30. How safe / sanitized is wp_insert_posts()?
  31. From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
  32. Enforcing password complexity
  33. Is there a way to force ssl on certain pages
  34. What is the purpose of having a token in cookies?
  35. Regular security checks – what steps should be included?
  36. What are the pros and cons of using a custom front-end to retrieve content from a WordPress back-end
  37. Do Cookies Need to be Sanatized Before Being Saved?
  38. Is WP vulnerable when updating plugins or themes?
  39. Disable external access to REST API Endpoint
  40. What is the wp-includes/certificates/ca-bundle.crt used for?
  41. Do you need to escape hard coded plain text?
  42. Encrypt emails?
  43. Garbage in beginning of wp-config.php – was this WP installation compromised?
  44. WordPress salts set in config and database
  45. Disallow file edit not preventing plugin install
  46. How to secure WordPress XMLRPC?
  47. How can I find security hole in my wordpress site?
  48. Does WP show me if I’m logged in from multiple locations?
  49. Is it necessary to use esc_url with template tags such as get_permalink?
  50. WordPress Malware Problem help! [duplicate]
  51. Staging Site: Made Public – Security Questions
  52. Best Way to Enable Two Step Authentication
  53. Restrictive File Permissions
  54. Why are xmlrpc.php and wp-cron.php being called so often?
  55. Using esc_html with HTML purifier and CSSTidy: Overkill?
  56. wordfence scan warning on W3 Total Cache [closed]
  57. No option “I would like my site to be private, visible only to users I choose” in Privacy Settings
  58. wp-config.php modified?
  59. How do I properly update the WordPress database password?
  60. Suspicious Files
  61. How to save iframe tag into a post?
  62. wp-json and what data does it give away?
  63. Is is necessary to use security plugin for wordpress? [closed]
  64. neccessary?
  65. Is wp_kses the right approach in sanitizing this string?
  66. Reset Password policy
  67. iTheme Security always lockout my account [closed]
  68. Is it sensible to worry about sanitizing admin input in plugin custom CSS?
  69. Renaming install.php for security?
  70. Which Versions of WordPress Ship with the Patched TimThumb?
  71. Use global variables or function that returns said variables for site-wide private-ish WP settings?
  72. Is it safe to give wordpress directories ownership to www-data?
  73. Use Google authentication for pages within a website [closed]
  74. Do we need to escape data that we receive from theme options?
  75. Why does WordPress change a file’s permissions?
  76. Side effects of disallowing *.php requests in production environment?
  77. Outgoing new connection to linked Websites – why?
  78. My Site keeps crashing due to the wp-confg file being deleted
  79. Someone keeps changing my SITEURL (mysql injection or xss?) [closed]
  80. How WordPress sanitizes post content on save? Or it doesn’t?
  81. Replace domain in database
  82. What highest security brake with wordpress and static files?
  83. Spam in WordPress root folder
  84. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  85. HSTS header not being added correctly
  86. how to protect wordpress content from crawler
  87. Is it okay to use an ACF field to store a password for a protected area of a page?
  88. Cannot access wp admin of WordPress website (security plugin issue) [closed]
  89. Why are the latest visits to my website originating from my own website?
  90. Secure Multiple WordPress Installations on shared hosting
  91. How do I hide WordPress users from security scanning?
  92. Background Updates Not Happening
  93. wp-config.php file and code injection
  94. FORCE_SSL_ADMIN affecting subdomains
  95. What is the best security $_POST method?
  96. My WP site and password was hacked, what to do? [closed]
  97. Bank account number and Sort Code in a form [closed]
  98. How do you search for backdoors from the previous IT person?
  99. Is wp-cron.php vulnerable to external attacks and how to protect it?
  100. How to address security vulnerabilities: LUCKY13, BEAST, and BREACH