Password Policy

Password Policy plugin for Craft CMS 3

Enforce a password policy on your users. This plugin can also check the Have I been Pwned database to make sure users use a password that is secure.

Support Open Source. Buy beer.

This plugin is licensed under a MIT license, which means that it's completely free open source software, and you can use it for whatever and however you wish.


You can configure this plugin through the plugin settings or by adding a config/password-policy.php file:


return [
    // Minimum password length
    "minLength" => 16,
    // Maximum password length
    "maxLength" => 160,
    // Force users to use different cases
    "cases" => false,
    // Require at least 1 number
    "numbers" => false,
    // Require at least one symbol
    "symbols" => false,
    // Check the Have I been Pwned database
    "checkPwned" => true,


Package Name

To install this plugin, search for its package name on the Plugin Store and click “Install”.


  • Version 1.0.6
  • Last Update 5/29/2020
  • Active Installs 509
  • Compatibility Craft 3
  • License MIT
  • Categories Security, Control Panel

Report an issue