This plugin is also ideal for sites needing to meet certain industry security compliance – such as government, banking or healthcare. This can harden the security of your site by preventing unauthorized access to stale user accounts.
In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default). Also, users are not permitted to use the same password two times in a row during reset.
This plugin requires: 4.0 or higher and it is compatible up to: 4.7.2. The last updated is 2 months ago with 1,000+ active installs. Since not every company requires this features but we have tested and it works like a charm.
This plugin can be found at https://wordpress.org/plugins/expire-passwords/