Force Strong Passwords on Users to Improve WordPress Security

Last updated on October 03rd, 2018 by Mark Grima. Filed under WordPress Security Tutorials


It is impossible to ignore security when it comes to managing WordPress sites and blogs. In fact, many business site administrators choose a secure WordPress web host for their sites. On top of that, they install a WordPress firewall plugin or service, and keep a log of what is happening on their site with a comprehensive WordPress activity log plugin.

However, no software or online service can protect your WordPress website from your users’ weak passwords. And they do use weak passwords: statistics show that 35% of users use weak passwords, such as password123 and qwerty123, and the majority of the rest use passwords that can be cracked.

Therefore, as a WordPress site owner, it is your duty to implement password policies that force users to use strong passwords and so improve the WordPress password security level of your site. In this post we will explain how you can easily do this with a plugin and a few mouse clicks. But first, let’s see why you need to use a plugin such as the Password Policy Manager for WordPress.

Why Do You Need a WordPress Password Policies Plugin?

By default, WordPress recommends a strong password whenever you forget your password, create a new user or simply want to reset your password.

WordPress recommends strong passwords

However, users can and will still use weak passwords, since they are given the option. They can simply type in a weak password such as password123 and tick the option Confirm use of weak password, as highlighted in the screenshot below.

Users can easily use weak passwords in WordPress

The only way you can force your WordPress users to use strong passwords for better WordPress password security is to use a plugin that allows you to enforce WordPress password policies.

How to Configure Policies for Strong WordPress Password Security

You can configure policies to enforce strong passwords on your WordPress users with the plugin Password Policies Manager for WordPress. In this section we will explain how to get started and configure the policies within just seconds.

Configuring WordPress Password Policies

Once you install the WordPress password policies plugin, navigate to the Password Policies node in the Settings menu.

Configuring WordPress password policies in plugin

In this section you can configure the following password policies to require your users to use strong WordPress passwords:

  • Password minimum length
  • Use of both lowercase and uppercase letters in passwords
  • Use of numbers in passwords
  • Use of special characters in passwords

You can also configure how long a password can be used with the Password Expiration Policy, also known as password age. When passwords expire automatically, users have to change them, so they cannot keep using the same password for months or years. You can also configure the password history policy in the plugin. The password history setting determines the number of unique new passwords users have to use before they can reuse an old password.
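To show what server-side enforcement of the four complexity rules above involves, here is an added example that is not the code of the plugin described in this post. It uses the WordPress hooks `user_profile_update_errors` and `validate_password_reset`, so ticking Confirm use of weak password no longer lets a weak password through; the function names, the error code and the minimum length of 12 are assumptions made for the illustration.

```php
<?php
/* Plugin Name: Example password policy (added illustration, not the plugin described here) */

const EXAMPLE_PP_MIN_LENGTH = 12; // Assumed value; set your own minimum.

// Return the list of complexity rules that a candidate password breaks.
function example_pp_violations( $password ) {
	$violations = array();
	if ( strlen( $password ) < EXAMPLE_PP_MIN_LENGTH ) { // strlen() counts bytes.
		$violations[] = 'Password must be at least ' . EXAMPLE_PP_MIN_LENGTH . ' characters long.';
	}
	if ( ! preg_match( '/[a-z]/', $password ) || ! preg_match( '/[A-Z]/', $password ) ) {
		$violations[] = 'Password must contain both lowercase and uppercase letters.';
	}
	if ( ! preg_match( '/[0-9]/', $password ) ) {
		$violations[] = 'Password must contain at least one number.';
	}
	if ( ! preg_match( '/[^a-zA-Z0-9]/', $password ) ) {
		$violations[] = 'Password must contain at least one special character.';
	}
	return $violations;
}

// Add each violation to the WP_Error object; any error makes WordPress reject the change.
function example_pp_enforce( $errors, $password ) {
	$password = wp_unslash( (string) $password ); // Request data arrives slashed.
	if ( '' === $password ) {
		return; // No password change was submitted.
	}
	foreach ( example_pp_violations( $password ) as $message ) {
		$errors->add( 'example_pp_weak_password', $message );
	}
}

// Profile and Add New User screens: edit_user() has already copied pass1 into $user->user_pass.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
	example_pp_enforce( $errors, isset( $user->user_pass ) ? $user->user_pass : '' );
}, 10, 3 );

// Lost-password reset form: the new password arrives as $_POST['pass1'].
add_action( 'validate_password_reset', function ( $errors, $user ) {
	if ( isset( $_POST['pass1'] ) ) {
		example_pp_enforce( $errors, $_POST['pass1'] );
	}
}, 10, 2 );
```

Passwords set through other paths, such as the REST API or WP-CLI, do not pass through these two hooks and need separate handling.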

WordPress Password Policies Plugin Features Highlight

Apart from the password policies, the Password Policies Manager for WordPress plugin also allows you to:

  • Exempt specific users or roles from the password policies
  • Specify when users’ sessions are terminated upon password expiry
  • Reset all passwords with just a single mouse click.

The last feature is definitely handy, especially in the unfortunate event of a malicious WordPress hack. When you reset all passwords with the plugin, an email is sent to all the users alerting them to reset their WordPress password.

Ensure Stronger WordPress Password Security with Policies

Help your WordPress site users use strong passwords and also boost the security of your site at the same time. Configure WordPress password policies so you can enforce strong passwords on your users. You can get started and improve WordPress password security within just seconds, with the Password Policy Manager for WordPress plugin.
