Skip to content
Enforce a password policy on your Craft CMS users.
Branch: master
Clone or download
Latest commit 670e56e Oct 7, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.


Latest Version Quality Score StyleCI Total Downloads

Password Policy plugin for Craft CMS 3

Enforce a password policy on your users. This plugin can also check the Have I been Pwned database to make sure users use a password that is secure.

Policy Errors: Screenshot

Password Strength Indicator Screenshot

Support Open Source. Buy beer.

This plugin is licensed under a MIT license, which means that it's completely free open source software, and you can use it for whatever and however you wish. If you're using it and want to support the development, buy me a beer over at Beerpay!



This plugin requires Craft CMS 3.0.0.


You can install this plugin through the plugin store.


You can configure this plugin by adding a config/password-policy.php file:


return [
    // Minimum password length
    "minLength" => 16,
    // Maximum password length
    "maxLength" => 160,
    // Force users to use different cases
    "cases" => false,
    // Require at least 1 number
    "numbers" => false,
    // Require at least one symbol
    "symbols" => false,
    // Check the Have I been Pwned database
    "checkPwned" => true,
    // Show a password strength indicator
    "showStrengthIndicator" => true,

Or through the plugin settings


Brought to you by Rias

You can’t perform that action at this time.