Password Policy

Password Policy plugin for Craft CMS 3

Enforce a password policy on your users. This plugin can also check the Have I been Pwned database to make sure users use a password that is secure.


You can configure this plugin through the plugin settings or by adding a config/password-policy.php file:


return [
    // Minimum password length
    "minLength" => 16,
    // Maximum password length
    "maxLength" => 160,
    // Force users to use different cases
    "cases" => false,
    // Require at least 1 number
    "numbers" => false,
    // Require at least one symbol
    "symbols" => false,
    // Check the Have I been Pwned database
    "checkPwned" => true,


Package Name

To install this plugin, search for its package name on the Plugin Store and click “Install”.


  • Version 1.1.0
  • Last Update 4/16/2021
  • Active Installs 908
  • Compatibility Craft 3
  • License MIT
  • Categories Security, Control Panel

Report an issue