How to expire all wordpress user passwords instantly?

Some underlying functionality borrowed from http://wordpress.org/extend/plugins/auto-expire-passwords/ , and tweaked. Untested, but along the lines of what you are looking for, so YMMV.

function custom_forced_password_reset( $user ) {
    update_user_meta( $user->ID, 'password_was_force_reset', true );
}
add_action( 'password_reset', 'custom_forced_password_reset' );    

// Ensure all new register users have the flag set
function custom_forced_password_user_register($user_id){
    update_user_meta( $user_id, 'password_was_force_reset', true );
}
add_action( 'user_register', 'custom_forced_password_user_register', 10, 1 );

function custom_log_in_check( $user, $username, $password ) {
    if ( is_wp_error( $user ) )
        return $user;

    // Check we're dealing with a WP_User object
    if ( ! is_a( $user, 'WP_User' ) )
        return $user;

    // This is a log in which would normally be succesful
    $user_id = $user->data->ID;


    $reset = get_user_meta( $user_id, 'password_was_force_reset', false );
    if ( empty( $reset ) || $reset == false ) {
            $user = new WP_Error( 'authentication_failed', sprintf('<strong>ERROR</strong>: You must <a href="https://wordpress.stackexchange.com/questions/50093/%s">reset your password</a>.', site_url( 'wp-login.php?action=lostpassword', 'login' ) ) );
    }

    return $user;
}
add_filter( 'authenticate', 'custom_log_in_check', 30, 3 );

Related Posts:

  1. Will WordPress username displayed somewhere in the site?
  2. Auto delete WordPress users according to time
  3. Specific way to allow WordPress users to view their current password? And edit it?
  4. Unwanted Links and Spam WordPress Pages and Posts
  5. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  6. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  7. WP_User_Query and non-unique usermeta data
  8. Why “Contact Form 7” doesn’t update PHPmailer library?
  9. Experiences with adding Nonces to the comment form
  10. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  11. What does a security risk in a plugin look like?
  12. Loading posts associated only to the logged in user on recent posts page
  13. How can i force Display names to be the same as Usernames?
  14. WordPress Capabilities: edit_user vs edit_users
  15. How to create custom LOGIN and REGISTRATION forms?
  16. $current_user var returns NULL
  17. Multisite functions to communicate with individual site functions
  18. Should I use RIPS tool to test my themes and plugins?
  19. WordPress Plugin for One-Time Event Registration? [closed]
  20. How many security plugins are too many? [closed]
  21. Upgrading WordPress 4.0 asks for FTP password
  22. How Restrict access to admin dashboard by specific static ip?
  23. Upload files programmatically to users
  24. Protecting against malicious code in WordPress plugin updates
  25. Something is generating spam pages on my site
  26. How to limit WordPress pages during updates?
  27. Mass Import Users without sending new user notification
  28. rms_unique_wp_mu_pl_fl_nm.php
  29. Current user in plugin returns NULL
  30. Security checking in meta_box save is reluctant?
  31. Two people sharing user in WordPress [closed]
  32. How to upload user profile image from frontend in wordpress ?
  33. Average Account Age
  34. How to keep users unique id stored in session in addition to IP in WordPress plugin?
  35. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  36. How to get current post user id
  37. wp_create_nonce function doesn’t work inside a plugin?
  38. Headers Content-Security-Policy CSP Major Issue
  39. Nonce failing on form submission
  40. How to create restrict content to users (by user, not by role)
  41. How can I change the meta_key for a particular piece of information?
  42. I should enable automatic updates?
  43. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  44. Prevent direct access to WordPress plugin assets?
  45. Understanding State in WordPress Multisites
  46. How to have sample page for each new register users in a membership website
  47. UpdraftPlus installed malware – scared to download or update plugins now! [closed]
  48. Too many login attempts
  49. Website show Google Ads when we have no Google Ads linked to our website
  50. Is there a plugin for WordPress for creating ‘Accounts’ where all users who belong to that Account can only see Account data? [closed]
  51. Add User Role: Pre-saved in User-Meta [SOLVED]
  52. Custom API plugin to execute 3rd party API to retrieve data
  53. how do I secure my WP website from hackers? [closed]
  54. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  55. How limit user connection?
  56. How to pass a query string to another page on the same site?
  57. Webservice credential storage [duplicate]
  58. WordPress /users/me endpoint request forbidden
  59. Regarding plugin security
  60. Personalized Author Area
  61. How to auto strip hyperlinks & images in wordpress post
  62. Is this plugin safe to run?
  63. Plugin privelages for “editors”
  64. Is the Block Bad Queries Plugin Still Relevant?
  65. Shortcode not displaying HTML within the function
  66. Janrain/Simple Modal under Redirected Domain
  67. Can’t save changes or modify settings in Dashboard but Pages and Posts are fine
  68. Hide plugins and theme from public
  69. Disable Author Archive just for certain roles in bulk
  70. Security of a WordPress Plugin
  71. Validating ajax search
  72. Can we hide a certain user in WP?
  73. how to create user profile pages and display them based on users roles
  74. prevent anonymous access to WordPress site (non-admin site)
  75. After reading 3 story by user ask for subscription popup
  76. Bing/msn bots is heavily requesting random of my website
  77. Comment restrictions Wodpress
  78. Securing a plugin pop-up window
  79. How do I run my custom function in my plugin when a wordpress user is deleted?
  80. User / membership Plugin [closed]
  81. How to see in Edit Comments if comment is from User and her Roles
  82. Custom User Notice Upon Login
  83. How can I save cookies to members
  84. How to order users alphabetically by name? in plugin UPME
  85. Defined user role to access plugin’s pages
  86. How can i see/log all requests coming from a registration form (not from the UI)?
  87. Write mysql credentials in plugin
  88. Site is continuously accessing by several IPs
  89. SWF in wordpress post
  90. How change menu for each user in plugin?
  91. How to set different users for different pages?
  92. Want to add post to user dashboard
  93. 404 Page when emptying spam or deleting a plugin
  94. File permissions for wp-minify plugin
  95. What is the recommended way to be notified of security updates to my plugins? [closed]
  96. How to give access to the particular page in wordpress for specific username/email NOT roles [closed]
  97. Share or sync user table data with another user table
  98. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  99. Issues with creating user profile for a subscriber, but with different profile page and functionalities
  100. Block Root REST API Route using custom &/or iThemes
techhipbettruvabetnorabahisbahis forumutaraftarium24eduseduseduedusedueduedueduedusedu