I’ve put together a quick plugin at https://github.com/lumpysimon/wp-force-password-change in response to your question and a recent client request for exactly the same thing.
It adds a user meta field on registration, then checks for the presence of this when a user is logged in. If it’s not there, they are redirected to the edit profile page and an admin notice is displayed. After they change their password the user meta field is removed.
Related Posts:
- wordpress redirect after password reset
- Password protecting a page
- How to save Admin FTP password
- How can I change the default wordpress password hashing system to something custom?
- Conditional to test if post has password protection enabled
- Bypass password protected posts via GET variable
- Check the password of a user
- Create a USERNAME and PASSWORD protected WordPress page
- Why do generated passwords start/end with spaces?
- Duplicate hash method for password in .NET
- Hide password protected posts
- Safe to store SMTP password in wp-config.php?
- Access code/password only restricts page access, no user registration..?
- PasswordHash not found in namespace
- Force all users in MU to change their passwords
- Reseting admin password through PHPMyadmin fails
- Forgot password not working
- Password reset message – change the network_home_url( ‘/’ )
- Redirect a password protected page?
- Can’t login to wordpress despite changing password to something known directly in MySQL or using “Password Reset by Email” feature
- Lost password link redirects to my-account/lost-password/,how to fix it back to default lost password
- Password protect custom template
- Set content type to HTML for lost password email only
- Custom password generator for users
- Where is the reset password key stored/generated?
- How validate usernames/passwords against WP’s database?
- Make post password required to publish
- WordPress reset password returns invalid key
- Add error message on password protected pages
- User password field is empty
- Password reset bug? – “Sorry, that key does not appear to be valid”
- How to set minimum length and error message for password recovery?
- Get plain password on register
- post_password_required() not recognizing cookie set with correct password
- Password protect the site (without htaccess or membership)
- Password Protected page not asking for a password
- I would like to password protect my entire WordPress site (ip validated), except for one page
- Password protection for page template
- how to remotely check a username / password from within a plugin
- Password changed [duplicate]
- Enable Update button only when password is shown strong
- Adding parameters to password reset key
- Custom password form allows unlock two posts with the same password
- How to change password
- Generating the password reset link automatically
- password recovery key is invalid on custom reset
- Password Protected Post is invisible until you login
- Send password to user instead of reset password link
- Protect Passwords in wp_users with stronger protection than MD5
- Custom form for password protected page
- How secure is a wp-config file?
- How to Remove or Deactivate “Application Passwords” in WordPress
- How to change “Reset Password” text on submit button
- How to recover password from a user
- resend user login & password with custom button
- How to show my wordpress admin username & password?
- Why does hashing a password result in different hashes, each time?
- Can’t alter $lostpassword_url
- current user’s password check
- lostpassword_redirect filter is not used
- How to read third party cookie to access password protected pages
- Ask logged in user to re-enter password to access page “x”
- Password Protect or IP to access under development WordPress site otherwise shown a placeholder page
- Password protected sites
- Password-protected page redirecting to frontpage when I enter the password
- 2 accounts under same email preventing me from loging in
- How would I create a Password Protected Page with Content on it?
- Site only for users authenticated by different PHP application
- WooCommerce Lost Password reset goes to 404
- I need help with wp_lostpassword, wp_register and wp_login_form
- Automatically change the page password for more than one page
- I can’t recover my password
- Frontend custom forgot password page
- Cannot get function.php code to work to remove Lost Password link on live site
- Problem with login / reset password links in users emails
- Password Protect content() on homepage
- Function called by password_reset action passed only 1 argument instead of 2 in PHP 7.2.11
- How to set password from frontend if have activation key and user login in url in wordpress?
- Allow users from my ASP.Net MVC site to access my private WordPress site
- How do I display the password field on the WordPress user registration screen?
- WordPress Protected Page Redirects to PDF
- Bypass a WordPress Password Protected Post or Page via a URL
- Custom page password recovery
- Can I use core passworded page/post functions outside of wp-login.php?
- Is it possible to display newly generated password after wp_generate_password()?
- Password protect wp-login.php
- forgot password
- Revise my keyword but still cannot login
- mysql update user’s password and activation key
- Is it possible to have users register without having a password?
- Password Protection for posts and pages [duplicate]
- Reset Password – change from name and email address. It stucks at admin. Want to change it to info
- WordPress reset password button not working
- check if post is set to “password protected”
- Override the default password length when creating or updating a user profile
- Why can’t I create an Application Password?
- ‘random_password’ filters not taking effect
- FTP Password (not private key-value pair) for EC2 Instance
- How to Disable Pre-population of Password on Password Reset
- Bypass a WordPress Password Protected Page via url