Password Policy

Password Policy plugin for Craft CMS 3

Enforce a password policy on your users. This plugin can also check the Have I been Pwned database to make sure users use a password that is secure.

Support Open Source. Buy beer.

This plugin is licensed under a MIT license, which means that it's completely free open source software, and you can use it for whatever and however you wish. If you're using it and want to support the development, buy me a beer over at Beerpay!



You can configure this plugin through the plugin settings or by adding a config/password-policy.php file:


return [
    // Minimum password length
    "minLength" => 16,
    // Maximum password length
    "maxLength" => 160,
    // Force users to use different cases
    "cases" => false,
    // Require at least 1 number
    "numbers" => false,
    // Require at least one symbol
    "symbols" => false,
    // Check the Have I been Pwned database
    "checkPwned" => true,


Package Name

To install this plugin, search for its package name on the Plugin Store and click “Install”.


  • Version 1.0.4
  • Last Update 10/7/2018
  • Active Installs 843
  • Compatibility Craft 3
  • License Craft
  • Categories Security, Control Panel

Report an issue