Expire Passwords is the new WordPress plugin that allows you to automatically expire user account passwords after a set time interval. This way you can harden your WordPress site security and prevent unauthorized access of stale user accounts.
The plugin allows you to set the maximum number of days users are allowed to use the same password (by default the plugin takes 90 days). You can also define what user roles will be required to reset their passwords regularly (non-Administrators is set by default).
Start by installing ‘Expire Passwords’ plugin in WordPress
Upon activation, visit your admin area dashboard Users -> Expire Passwords screen, type in the number of days and tick in the user role types. By default all user roles are check except site administrator.