Today we are announcing WPassword update 2.3.0. This is an exciting release featuring the all new inactive WordPress users check. In it we also included a good number of other password policies improvements and performance updates.
Let’s dive right in to see what is new and improved in this latest update of our WPassword.
Checks for inactive WordPress users
Inactive and forgotten website users are very often targeted by malicious hackers. They are an easy target that can be used to break into a website. Attackers find them ideal because no one is monitoring them, and more often than not, they have easy passwords.
Hence why we are introducing the Inactive users check in WPassword. Once you install the plugin it will check your WordPress website for inactive users. Inactive users are locked and can only be unlocked by the WordPress site administrator.
As an additional security precaution, once unlocked users are also required to reset their passwords before they login again to the WordPress website. Read more about this feature and how to configure it in Inactive users check for WordPress.
Password strength check when creating a new user
The password policies now also apply for when a WordPress site administrator is creating a new WordPress user.
When creating a new user, the plugin displays a generic tip on password strength. However, once you select the role and try creating the user, the plugin checks the password strength. It basically checks that the password matches the policies that apply to that role.
If the password not match the policies you will be alerted about it. The plugin will also display the policies the password has to meet for the user to be created on the website.
Require users to change password on next login
Another commonly requested feature was to have the ability to require individual users to change their password the next time they login to the website.
In this update we have also added this feature. All you have to do is simply enabling the below highlighted setting in their user profile page. The next time the user tries to login, they will be prompted to reset their password.
Major performance & scalability improvement
With this new update, the plugin’s responsiveness is the same regardless if it is running on a site with 10 or 50,000 users! We have incorporated a new module that processes these type of tasks in the background.
Therefore when for example you want to reset the password of 50,000 users, you do not have to wait for the plugin to complete the task. Also, there won’t be any timeout issues. It only takes a second to send the instructions to the new module. While the module processes the request, you can continue with your work.
Other plugin improvements
In this update we have also added the following:
- A new setting to stop WordPress from automatically generating passwords,
- Inactive users’ sessions are automatically terminated,
- We have standardized all of the plugin’s settings prefixes. This is an important code improvement that makes troubleshooting and future development easier,
- Applied a few minor UI improvements.
For a complete list of what is new and improved in this exciting update of WPassword refer to the plugin’s change log.
Next level password security for your WordPress site
All of the above new features, password policies and much more are available in the latest update of WPassword. If you are not a user of this must have plugin download a demo and get started today.
Check out WPassword 2.3.0 and let us know your thoughts on all the new features. Your feedback helps us pinpoint what we will release next.