Cypress North Password Policy Plugin

Cypress North Password Policy enforces a strong, modern password policy on your WordPress site. Defaults align with NIST 800-63B guidance: length over composition rules, denylist screening, breach-corpus checks, and rate-limited login. Every setting is admin-configurable.

Description

Cypress North Password Policy enforces a strong, modern password policy on your WordPress site. Defaults align with NIST 800-63B guidance: length over composition rules, denylist screening, breach-corpus checks, and rate-limited login. Every setting is admin-configurable.

FEATURES
  • A password rule engine that validates on user registration, password reset, and profile updates — covering minimum length, character requirements, breach-corpus check via the Have I Been Pwned k-anonymity API, denylist of common passwords, edit-distance check against the current password, and a per-user history check.
  • Layered failed-login lockout: separate thresholds per IP and per username, with rolling windows and auto-release. Generic “invalid credentials” error responses so locked state is not disclosed to attackers.
  • A soft-force interstitial that catches users at next login when their password is expired, breached, or below the active policy — they cannot escape without choosing a compliant new password.
  • Daily email summary for administrators when attack rates spike.
  • Per-user notification emails on password change, lockout, and expiration warnings.
  • GDPR exporter + eraser that integrate with WordPress’s built-in Personal Data tools.
  • Audit log of every relevant event (login failures, lockouts, password changes, compliance state transitions) viewable in the admin.
  • Cleanup cron that trims old failed-attempt rows on a configurable schedule.
  • A WP-CLI command, wp cnpp unlock, that releases a locked IP or username without opening the admin.
  • Multisite-aware: super-admin can globally configure or delegate per-site management.
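The password rule engine listed above, as an added example that is not the plugin's own code: it hooks WordPress core's profile-update and password-reset validation, applies length, denylist, edit-distance, history and breach-corpus rules, and talks to the Have I Been Pwned range endpoint using k-anonymity (only the first five SHA-1 hex characters are sent). The constants, the denylist contents, the user-meta key, the cnpp_example_* function names and the idea that a form may supply the current plaintext password for the edit-distance rule are all assumptions made for illustration.

```php
<?php
/**
 * Added example, not the plugin's own code: a minimal password rule engine
 * mirroring the rules in the feature list. Hook usage follows WordPress core;
 * constants, denylist, meta key and helper names are assumptions.
 */

const CNPP_EXAMPLE_MIN_LENGTH    = 12; // length over composition rules (assumed value)
const CNPP_EXAMPLE_MIN_DISTANCE  = 4;  // minimum Levenshtein distance from the current password
const CNPP_EXAMPLE_HISTORY_DEPTH = 5;  // previous password hashes retained per user
const CNPP_EXAMPLE_HISTORY_META  = 'cnpp_example_password_history';

// Constructed denylist for illustration; a real deployment ships a large list.
const CNPP_EXAMPLE_DENYLIST = [ 'password1234', 'qwertyuiop12', 'letmein12345' ];

/**
 * Have I Been Pwned k-anonymity lookup: only the first five hex characters of
 * the SHA-1 leave the server; the remaining 35 are matched locally against the
 * returned range. Returns the breach count, or 0 when unseen or on network
 * error (fail open on outage so a third-party API cannot block password
 * changes; every other rule still applies).
 */
function cnpp_example_breach_count( string $password ): int {
    $sha1   = strtoupper( sha1( $password ) );
    $prefix = substr( $sha1, 0, 5 );
    $suffix = substr( $sha1, 5 );

    $response = wp_remote_get(
        'https://api.pwnedpasswords.com/range/' . $prefix,
        [ 'timeout' => 5, 'headers' => [ 'Add-Padding' => 'true' ] ]
    );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return 0;
    }
    foreach ( explode( "\n", wp_remote_retrieve_body( $response ) ) as $line ) {
        [ $hash_suffix, $count ] = array_pad( explode( ':', trim( $line ), 2 ), 2, '0' );
        if ( $hash_suffix === $suffix ) {
            return (int) $count; // padding lines carry count 0, so they never read as breached
        }
    }
    return 0;
}

/**
 * Evaluate every rule and add each failure to the WP_Error that core passes
 * through its password hooks. $current is the user's current plaintext
 * password when the submitting form supplied it (assumption), otherwise null.
 */
function cnpp_example_check( WP_Error $errors, string $password, int $user_id = 0, ?string $current = null ): void {
    if ( mb_strlen( $password, 'UTF-8' ) < CNPP_EXAMPLE_MIN_LENGTH ) {
        $errors->add( 'cnpp_length', sprintf( __( 'Password must be at least %d characters.' ), CNPP_EXAMPLE_MIN_LENGTH ) );
    }
    if ( in_array( strtolower( $password ), CNPP_EXAMPLE_DENYLIST, true ) ) {
        $errors->add( 'cnpp_denylist', __( 'That password is too common.' ) );
    }
    // levenshtein() is limited to 255 bytes per argument, which is fine for passwords.
    if ( null !== $current && levenshtein( $current, $password ) < CNPP_EXAMPLE_MIN_DISTANCE ) {
        $errors->add( 'cnpp_distance', __( 'New password is too similar to the current one.' ) );
    }
    if ( $user_id > 0 ) {
        $history = get_user_meta( $user_id, CNPP_EXAMPLE_HISTORY_META, true );
        foreach ( is_array( $history ) ? $history : [] as $old_hash ) {
            if ( wp_check_password( $password, $old_hash ) ) {
                $errors->add( 'cnpp_history', __( 'You have used that password recently.' ) );
                break;
            }
        }
    }
    if ( cnpp_example_breach_count( $password ) > 0 ) {
        $errors->add( 'cnpp_breached', __( 'That password appears in a known data breach.' ) );
    }
}

// Profile update: core passes a WP_Error, an update flag, and an object with ->ID and ->user_pass.
add_action( 'user_profile_update_errors', function ( WP_Error $errors, bool $update, $user ) {
    if ( ! empty( $user->user_pass ) ) {
        cnpp_example_check( $errors, (string) $user->user_pass, $update ? (int) $user->ID : 0 );
    }
}, 10, 3 );

// Password reset: the new password arrives as pass1 and $user is a WP_User (or WP_Error).
add_action( 'validate_password_reset', function ( WP_Error $errors, $user ) {
    if ( isset( $_POST['pass1'] ) && $user instanceof WP_User ) {
        cnpp_example_check( $errors, (string) wp_unslash( $_POST['pass1'] ), (int) $user->ID );
    }
}, 10, 2 );

// Record the new hash so the history rule sees it on the next change.
add_action( 'after_password_reset', function ( WP_User $user, string $new_pass ) {
    $history = get_user_meta( $user->ID, CNPP_EXAMPLE_HISTORY_META, true );
    $history = is_array( $history ) ? $history : [];
    array_unshift( $history, wp_hash_password( $new_pass ) );
    update_user_meta( $user->ID, CNPP_EXAMPLE_HISTORY_META, array_slice( $history, 0, CNPP_EXAMPLE_HISTORY_DEPTH ) );
}, 10, 2 );
```

Two design points worth noting: the history rule stores hashes, never plaintext, and compares with wp_check_password so it works with whatever hashing scheme the site uses; and the breach check fails open on network errors, which is the usual choice so that an outage at a third-party API cannot stop users from rotating a password.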
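The layered lockout and generic-error behaviour described in the feature list, as an added example that is not the plugin's own code: failed attempts are counted in two separate buckets (per IP and per username) held in WordPress transients whose TTL is the rolling window, a correct password is still refused while either bucket is over threshold, and the login screen shows one generic message whether the account is locked, unknown, or simply mistyped. The thresholds, window length, transient key prefixes, the cnpp_example_lockout action, and the WP-CLI command name cnpp-example are assumptions for illustration.

```php
<?php
/**
 * Added example, not the plugin's own code: layered failed-login lockout with
 * separate rolling windows per IP and per username on WordPress transients.
 * Thresholds, window, key prefixes and the CLI command name are assumptions.
 */

const CNPP_EXAMPLE_IP_THRESHOLD   = 20;                     // failures per IP before lockout
const CNPP_EXAMPLE_USER_THRESHOLD = 5;                      // failures per username before lockout
const CNPP_EXAMPLE_WINDOW         = 15 * MINUTE_IN_SECONDS; // rolling window; transient expiry is the auto-release

// REMOTE_ADDR only: X-Forwarded-For is client-controlled unless a trusted proxy rewrites it.
function cnpp_example_client_ip(): string {
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

function cnpp_example_ip_key( string $ip ): string {
    return 'cnpp_ex_ip_' . md5( $ip );
}

function cnpp_example_user_key( string $username ): string {
    return 'cnpp_ex_user_' . md5( strtolower( trim( $username ) ) );
}

// Each failure increments both buckets and restarts their TTL, which is what
// makes the window roll instead of resetting on a fixed schedule.
function cnpp_example_record_failure( string $username ): void {
    foreach ( [ cnpp_example_ip_key( cnpp_example_client_ip() ), cnpp_example_user_key( $username ) ] as $key ) {
        set_transient( $key, (int) get_transient( $key ) + 1, CNPP_EXAMPLE_WINDOW );
    }
}
add_action( 'wp_login_failed', 'cnpp_example_record_failure' );

function cnpp_example_is_locked( string $username ): bool {
    return (int) get_transient( cnpp_example_ip_key( cnpp_example_client_ip() ) ) >= CNPP_EXAMPLE_IP_THRESHOLD
        || (int) get_transient( cnpp_example_user_key( $username ) ) >= CNPP_EXAMPLE_USER_THRESHOLD;
}

// Priority 30 runs after core's username/password check (priority 20), so a
// correct password during lockout is still refused. The error text matches the
// wrong-password case, so the locked state is not disclosed.
add_filter( 'authenticate', function ( $user, $username ) {
    $username = (string) $username;
    if ( '' !== $username && cnpp_example_is_locked( $username ) ) {
        do_action( 'cnpp_example_lockout', $username, cnpp_example_client_ip() ); // audit-log / email hook
        return new WP_Error( 'invalid_credentials', __( 'Invalid credentials.' ) );
    }
    return $user;
}, 30, 2 );

// Core's own messages distinguish "unknown username" from "wrong password";
// collapse every login-form error to the same generic string.
add_filter( 'login_errors', function () {
    return __( 'Invalid credentials.' );
} );

// A successful login clears only the username bucket; the IP bucket is left
// alone because addresses are shared.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( cnpp_example_user_key( (string) $user_login ) );
} );

// Manual release for a stuck IP or username: wp cnpp-example unlock <username-or-ip>
if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::add_command( 'cnpp-example unlock', function ( array $args ) {
        $target = $args[0] ?? '';
        delete_transient( cnpp_example_user_key( $target ) );
        delete_transient( cnpp_example_ip_key( $target ) );
        WP_CLI::success( 'Released lockout buckets for ' . $target );
    } );
}
```

Transients are adequate for a single-server site; with an object cache they become shared across web nodes, which is what a multi-node deployment needs so that an attacker cannot reset the count by landing on a different backend. The login_errors filter above replaces every message on the login form, including validation messages for empty fields, so a production implementation would usually keep those and only collapse the authentication-failure variants.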