diff --git a/CHANGELOG b/CHANGELOG
index e9a95e0a6..aa62a48c1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,7 @@ CHANGELOG Roundcube Webmail
 - Managesieve: Added support for 'editheader' extension - RFC5293 (#5954)
 - Password: Added 'modoboa' driver (#6361)
 - Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
+- Password: Fix bug where new users could skip forced password change (#6434)
 - Elastic: Improved UX of search dialogs (#6416)
 - Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445)
 - Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)
diff --git a/plugins/password/composer.json b/plugins/password/composer.json
index 465f17c27..bed2c5574 100644
--- a/plugins/password/composer.json
+++ b/plugins/password/composer.json
@@ -3,7 +3,7 @@
 "type": "roundcube-plugin",
 "description": "Password Change for Roundcube. Plugin adds a possibility to change user password using many methods (drivers) via Settings/Password tab.",
 "license": "GPLv3+",
- "version": "4.4",
+ "version": "4.5",
 "authors": [
 {
 "name": "Aleksander Machniak",
diff --git a/plugins/password/password.php b/plugins/password/password.php
index c7ccdc321..5b9b384b8 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -41,7 +41,7 @@ define('PASSWORD_SUCCESS', 0);
 */
 class password extends rcube_plugin
 {
- public $task = 'settings|login';
+ public $task = '?(?!logout).*';
 public $noframe = true;
 public $noajax = true;
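Review bot: The new `$task` value `'?(?!logout).*'` cannot be read as a regular expression on its own and needs a comment, because it only makes sense once the plugin loader wraps it in a group, and that wrapping is not visible in this hunk. Suggest adding above it `// Every task except logout: init() must run on each page to enforce the forced password change` and confirming how the loader anchors the pattern. The plugin's init() now runs for every task instead of only settings and login, so whatever it does is executed on each full-page request. The class body continues outside the hunk.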
@@ -65,7 +65,14 @@ class password extends rcube_plugin
 $this->register_action('plugin.password', array($this, 'password_init'));
 $this->register_action('plugin.password-save', array($this, 'password_save'));
 }
- else if ($rcmail->config->get('password_force_new_user')) {
+
+ if ($rcmail->config->get('password_force_new_user')) {
+ if ($rcmail->config->get('newuserpassword') && $this->check_host_login_exceptions()) {
+ if (!($rcmail->task == 'settings' && strpos($rcmail->action, 'plugin.password') === 0)) {
+ $rcmail->output->command('redirect', '?_task=settings&_action=plugin.password&_first=1', false);
+ }
+ }
+
 $this->add_hook('user_create', array($this, 'user_create'));
 $this->add_hook('login_after', array($this, 'login_after'));
 }
@@ -179,6 +186,10 @@ class password extends rcube_plugin
 // Reset session password
 $_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
+ if ($rcmail->config->get('newuserpassword')) {
+ $rcmail->user->save_prefs(array('newuserpassword' => false));
+ }
+
 // Log password change
 if ($rcmail->config->get('password_log')) {
 rcube::write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
@@ -375,6 +386,9 @@ class password extends rcube_plugin
 function login_after($args)
 {
 if ($this->newuser && $this->check_host_login_exceptions()) {
+ $rcmail = rcmail::get_instance();
+ $rcmail->user->save_prefs(array('newuserpassword' => true));
+
 $args['_task'] = 'settings';
 $args['_action'] = 'plugin.password';
 $args['_first'] = 'true';
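Review bot: The forced-change check added to init() is enforced only through `$rcmail->output->command('redirect', ...)`, which asks the client to navigate and does not by itself stop the server from handling the task and action that were requested. The class also keeps `public $noajax = true`, so the plugin is presumably not loaded for AJAX requests and those would never reach this check. If the password change is meant as a hard requirement rather than a prompt, the branch should end the request server-side for everything except the password form while `newuserpassword` is set, and a comment such as `// UI redirect only; does not block the current request` should say so until it does. The redirect passes `_first=1` while login_after() sets `_first` to `'true'`; one spelling should be used. init() starts and ends outside this hunk.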
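Review bot: The result of `$rcmail->user->save_prefs(...)` is ignored in the password_save() hunk and again in the login_after() hunk. In login_after() a failed write means `newuserpassword` is never stored, so the init() check has nothing to act on once the first redirect is lost and the requirement fails open. In password_save() a failed write leaves the flag set after a successful change. Suggest testing the result, e.g. `if (!$rcmail->user->save_prefs(array('newuserpassword' => true))) {` followed by a `rcube::write_log('password', ...)` entry, and adding a comment that the flag lives in the user's preferences and is read back through `$rcmail->config->get()`. It is worth confirming that no preference-saving path lets the user reset this key. Both functions continue outside their hunks.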