Today I released a new plugin for WordPress called Expire Passwords.
This latest product is a continuation on my streak of other plugin releases that also deal with the topic of user session security.
The idea here is pretty simple.
If you have registrations open on your WordPress site, chances are there is a decently-sized group of users that have simply gone MIA. They have accounts, and they might come back later, but you’re just not sure when that will be.
The fact of the matter is, the more active login accounts you have on your site, the more potential opportunities there are for break-ins. And once a hacker is authenticated inside WordPress with the right kind of capabilities, the more opportunities there are to do some real damage.
This plugin is meant to mitigate the risk of unauthorized access to those stale user accounts by requiring users to reset their password on a regular basis.
Furthermore, the “freshness” of passwords for all the active users on your site will also be increased. Too many users have the bad habit of using the exact same password for nearly all of their online accounts. These types of users that register for your site should be thought of as increased security risks.
The Expire Passwords plugin is an effective way to deter users from engaging in this kind of blasphemous password behavior.
Lastly, there are some market sectors such as government, banking or healthcare where security regulations may even require that password resets be performed regularly. We want those types of organizations using WordPress too, so this plugin can help them line up WordPress as a CMS with their existing corporate requirements.
As always I would love your thoughts and feedback on my latest product creation.
Are there other benefits you see that I haven’t thought of?
Let me know in the comments!