Implementing strong password policies on WordPress multisite networks

Why do you need password policies on a WordPress multisite network?

A WordPress multisite network consists of a number of WordPress websites that can be managed from a central network dashboard. Every website on the network uses the same WordPress core and plugin files as all the other websites on the network but a number of different tables in the database. One of the main advantages of multisite networks is network users – instead of having users for every website, a network user can be granted access to all the different sites on the network. For example, a user can be an admin on one website and an author on the other.

While network users are a must-have feature in large WordPress implementations, they also have a disadvantage: an attacker only needs to guess one user’s password to potentially gain access to multiple websites or the whole multisite network. Hence why it is imperative to enforce strong password policies on WordPress multisite networks.

How to enforce strong password policies on WordPress multisite networks

WordPress only has a password strength meter, which the majority of users ignore. So the only way to enforce strong password policies on a WordPress multisite network is to install Melapress Login Security. The plugin supports multisite networks right out of the box. It supports both the subdomain and subdirectory multisite network setups.

Once you install Melapress, navigate to the Password policies tab in the network dashboard. From here, you can:

• Configure password policies per WordPress role,
• Mass reset the password of all multisite network users with one click,
• Exclude users or users with a specific WordPress role from the policies,
• Enforce password policies on custom login pages,
• Force users to change their password the first time they login.