It is impossible to ignore security when it comes to managing WordPress sites and blogs. In fact, many business site administrators choose a secure WordPress web host for their sites. On top of that, they install a WordPress firewall plugin or service, and keep a log of what is happening on their site with a comprehensive WordPress activity log plugin.
However, no software or online service can protect your WordPress website from your users’ weak passwords. And they do use weak passwords: statistics show that 35% of users use weak passwords, such as password123 and qwerty123, and the majority of the rest use passwords that can be cracked.
Therefore, as a WordPress site owner, it is your duty to implement password policies that force users to choose strong passwords and so improve the password security of your site. In this post we will explain how you can easily do this with a plugin and a few mouse clicks. But first, let’s see why you need to use a plugin such as the Password Policy Manager for WordPress.
Why Do You Need a WordPress Password Policies Plugin?
By default, WordPress recommends a strong password whenever you forget your password, create a new user or simply want to reset your password.
However, users can and will still use weak passwords, since they are given the option. They can simply type in a weak password such as password123 and tick the option Confirm use of weak password, as highlighted in the screenshot below.
The only way you can force your WordPress users to use strong passwords is to use a plugin that allows you to enforce WordPress password policies.
How to Configure Policies for Strong WordPress Password Security
You can configure policies to enforce strong passwords on your WordPress users with the Password Policy Manager for WordPress plugin. In this section we will explain how to get started and configure the policies within just seconds.
Configuring WordPress Password Policies
Once you install the WordPress password policies plugin, navigate to the Password Policies node in the Settings menu.
In this section you can configure the following password policies to force your users to use strong WordPress passwords:
- Password minimum length
- Use of both lowercase and uppercase letters in passwords
- Use of numbers in passwords
- Use of special characters in passwords
You can also configure how long a password can be used with the Password Expiration Policy, also known as password age. When passwords expire automatically, users have to change them, which prevents the same password from being used for months or years. You can also configure the password history policy in the plugin. The password history setting determines the number of unique new passwords users have to use before they can reuse an old password.
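The checks these settings describe can be sketched in PHP, the language WordPress runs on. This is an added example, not code from the Password Policy Manager plugin; the function names, the policy values (12 characters, 90 days, 3 remembered passwords) and the sample data are assumptions.

```php
<?php
// Added illustration; not the plugin's code. Policy values are assumed.
const POLICY = ['min_length' => 12, 'max_age_days' => 90, 'history' => 3];

/**
 * Return the names of the policy rules a candidate password breaks.
 * $oldHashes holds the user's previous password hashes, newest first.
 */
function policy_violations(string $password, array $oldHashes, array $policy = POLICY): array
{
    $failed = [];
    if (mb_strlen($password) < $policy['min_length']) {
        $failed[] = 'minimum length';
    }
    // Mixed case: at least one lowercase and one uppercase letter.
    if (!preg_match('/\p{Ll}/u', $password) || !preg_match('/\p{Lu}/u', $password)) {
        $failed[] = 'lowercase and uppercase';
    }
    if (!preg_match('/\p{Nd}/u', $password)) {
        $failed[] = 'number';
    }
    // Special character: anything that is not a letter, digit or whitespace.
    if (!preg_match('/[^\p{L}\p{N}\s]/u', $password)) {
        $failed[] = 'special character';
    }
    // History: reject a match against any of the last N stored hashes.
    // Inside WordPress, wp_check_password() would replace password_verify().
    foreach (array_slice($oldHashes, 0, $policy['history']) as $hash) {
        if (password_verify($password, $hash)) {
            $failed[] = 'password history';
            break;
        }
    }
    return $failed;
}

/** Expiration: true once the password is older than the maximum age. */
function password_expired(int $changedAt, int $now, array $policy = POLICY): bool
{
    return ($now - $changedAt) > $policy['max_age_days'] * 86400;
}

// Constructed sample data.
$history = [password_hash('Autumn!Harvest2023', PASSWORD_DEFAULT)];
foreach (['password123', 'Autumn!Harvest2023', 'c0rrect-Horse-battery'] as $candidate) {
    $failed = policy_violations($candidate, $history);
    echo $candidate, ' => ', $failed ? implode(', ', $failed) : 'accepted', PHP_EOL;
}
var_dump(password_expired(strtotime('2024-01-01'), strtotime('2024-06-01')));
```

The history check compares the candidate against stored hashes rather than stored plaintext, so remembering old passwords does not require keeping them in recoverable form.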
WordPress Password Policies Plugin Features Highlight
Apart from the password policies, the Password Policy Manager for WordPress plugin also allows you to:
- Exempt specific users or roles from the password policies
- Specify when users’ sessions are terminated upon password expiry
- Reset all passwords with just a single mouse click
The last feature is definitely handy, especially in the unfortunate event of a malicious WordPress hack. When you reset all passwords with the plugin, an email is sent to all the users alerting them to reset their WordPress password.
Ensure Stronger WordPress Password Security with Policies
Help your WordPress site and multisite network users use strong passwords and harden the security of your WordPress site at the same time. Configure WordPress password policies so you can enforce strong passwords on your users. You can get started and improve WordPress password security within just seconds, with the Password Policy Manager for WordPress plugin.
Bonus tip: disable dormant users
Dormant and unused WordPress users are an easy target for malicious attackers. Regardless of the policies you enforce, if user accounts are not being used they will always have the same password, and if they are hijacked no one notices. That is why they are a prime target.
To keep inactive users from jeopardizing the security of your WordPress website, enable the dormant WordPress users policy in the Password Policy Manager so inactive users are locked and cannot be hijacked.