Implementing strong password policies on WordPress multisite networks
Why do you need password policies on a WordPress multisite network?
A WordPress multisite network consists of a number WordPress websites that can be managed from a central network dashboard. Every website on the network uses the same WordPress core and plugin files as all the other websites on the network, but a number of different tables in the database. One of the main advantages of multisite networks are network users – instead of having users for every websites, a network user can be granted access to all the different sites on the network. For example a user can be an admin one one website and an author on the other.
While network users are a must have feature in large WordPress implementations, they also have a disadvantage: an attacker only needs to guess one users’ password to potentially gain access to multiple websites, or the whole multisite network. Hence why it is imperative to enforce strong password policies on WordPress multisite networks.
How to enfroce strong password policies on WordPress multisite networks
WordPress only has a password strength meter, which the majority of users ignore. So the only way to enforce strong password policies on a WordPress multisite network is to install the Password Policy Manager for WordPress plugin. The plugin supports multisite networks right of the box. It supports both the sub domain and sub directory multisite network setups.
Once you install the Password Policy Manager for WordPress plugin, navigate to the Password policies tab in the network dashboard. From here you can:
- configure password policies per WordPress role,
- mass reset the password of all multisite network users with one click,
- exclude users or users with a specific WordPress role from the policies,
- enforce password policies on custom login pages,
- force users to change their password the first time they login.