Hits: 12523

User Rating: 4 / 5

User - Password Policy Plugin extends the password policy as defined by Joomla!. A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.

Maximum password age

The Maximum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 180, or you can specify that passwords never expire by setting the number of days to 0. You can set this option both globally and for each individual user. The plug-in is designed to follow the most restrictive policy.

When the password expires the user will be redirected to the password change page.

Password expiration reminder

If set to Yes, the plug-in alerts users to change their expiring passwords 30, 15, 7, 3, 2, 1 day before it expires.

Minimum password age

The Minimum password age setting determines the period of time (in days) that a password must be used before the user can request to change it. The Minimum password age must be less than the Maximum password age.

If you set a Maximum password age for a user greater than or equal to the Minimum password age, the plug-in uses the value immediately preceding the Maximum password age as the Minimum password age.

Enforce password history

The Enforce password history setting defines the number of new unique passwords that must be associated with a user account before an old password can be reused.

Account expires

The date after which the user account will be blocked on login.

User Actions Log

User - Password Policy 3.9 supports User Actions Log.

J2XML - Users Importer

You can set some user parameters via the plug-in J2XML - Users Importer:

Maximum password age
profile.passwordpolicy.maximumPasswordAge (integer);
Expiry date
profile.passwordpolicy.expiryDate (ISO 8601 datetime YYYY-MM-DD hh:mm:ss)


User - Password Policy 3.9.4

Type: application/zip

Size: 12.61 KiB

Last updated 2019-07-09 11:46:14


  • Password generator
  • Account lockout after a set number of failed sign-in attempts

Well-known bugs

  • The plug-in never requires a password change if the Maximum password age option is globally set to zero.
Back to Top