I agree that a warning message is absolutely necessary! I tested this plugin out on a local WP installation and excluded all user roles from the policy except for 1 role with a test user. I then clicked “Reset All Passwords” thinking that:
1) Only users who are not excluded from the policy would be reset and
2) Per this plugin’s FAQ “the user will be notified and asked to change the password upon trying to login to WordPress“.
Turns out both of those were wrong. Passwords were reset for ALL users (even those excluded from the policy). This wouldn’t have been a big deal since this was my local installation BUT without any notification every user in the database (1000+ individuals in my case) were sent emails saying that their password had been reset! Not having a message indicating that emails will be sent, nor settings related to email anywhere on the admin screen is begging for trouble.
I realize in hindsight that you mention sending emails in the 11th paragraph on the description page but such an important item should be made very explicit in the plugin! Please make this change to save future users a big headache…
