How to Enforce Secure Passwords on Your WordPress Website

We’re willing to bet that you probably know all about using secure passwords for your WordPress admin account. However, you can’t take for granted that other users will do the same.

To make sure your site remains safe, you’ll want to ensure all passwords are secure. While WordPress includes a function to create a secure password, it’s completely optional. As with many WordPress tasks, the answer lies in using a plugin to enforce users to use strong passwords on WordPress’ back end.

In this article, we’ll discuss the importance of password security. We’ll then show you what features WordPress offers in this area, and introduce a more secure solution. Let’s get started!

A Quick Primer on Strong, Secure Passwords

Let us start at the beginning. Of course, one of the most basic ‘laws’ of the internet is that strong passwords are essential to keeping your site protected. In fact, there’s been so much discussion of the topic that you’d be forgiven for letting it wash over your head.

However, ignoring password security is incredibly dangerous, for reasons we’ll get onto shortly. For now, let’s give you one simple rule to make sure you’re able to manually create strong passwords:

Despite previous, long-told advice about mixing letters, numbers, and characters, length is the most important aspect of a strong password. In short, the longer your password, the better.

The reason for this is due to the so-called ‘brute force’ method for cracking passwords. Because of this, you’ll simply want to make your password so long that it will take a mathematical eon to break. You can actually see how long it will take to crack a password using a site like How Secure Is My Password?:

Of course, this isn’t to say that you should kick password complexity to the curb. There does need to be a balance between simply writing “a” twenty times, and having an eight-character jumble of letters, numbers, and symbols. However, you can still use full words to create a solid, uncrackable password.

Why You Should Put So Much Stock in Secure Passwords

While you may be aware of the importance of using a secure password, the same might not be true for your users. Microsoft Regional Director Troy Hunt recently published a list of poor-quality passwords and made the assumption that 86% of those he came across had already been breached.

This is alarming for several reasons, not least that the vast majority of people are using passwords freely available for everyone to see. The passwords themselves are another aspect. Some of the most commonly used passwords were downright lazy and basic, such as “qwerty”, “123456”, and “password”.

We’d bet that you don’t want to let your users jeopardize your site by allowing your users to use such easily-crackable password. Fortunately, it’s possible to avoid if you’re using WordPress. Let’s take a look at how you can let users create much better, safer passwords.

How to Enforce Secure Passwords on Your WordPress Website

Because secure passwords are the foundation of protecting your site, it makes sense to highlight this as early as possible to the user. As such, WordPress offers a simple checker and generator, baked into core:

WordPress' password generator.

Users can access this tool through the Users > All Users screen within WordPress. They can then click Generate Password within the individual user profile.

However, there’s one big downside to this approach – it’s entirely optional. As such, you’ll want to implement a dedicated plugin that actually forces all users on your site to create a strong password. Enter the Password Policy Manager plugin:

This plugin was created by leading WordPress security developers WP White Security and gives you a comprehensive set of tools to enforce strong passwords. For example, you can set a maximum password age, so that users generate a fresh one at the time of your choosing. What’s more, you have a flexible approach to terminating user sessions.

As for the base functionality, you can configure the overall policy, so you’re completely in control of the base password strength users must meet. It sits in the same place as the built-in password generator, so you’ll have a familiar look and feel.

Quite frankly, this plugin is ga reat value given the functionality. For more information, including where to buy Password Policy Manager (and the price), head on over to the WP White Security website.

Conclusion

Password security and management is an ‘old hat’ topic according to some. It’s one of the perennial topics for online security, which is largely due to the fact that many users still opt to create weak, crackable passwords.

In this post, we’ve talked about how WordPress includes built-in options for assessing password strength. However, by installing a plugin to enforce users to use strong passwords on WordPress’ back end, you can ensure all passwords are robust and secure. Ultimately, you’ll take the security of your site into your own hands, which is always a good thing.

Are you hot on password security, and how do you think the Password Policy Manager for WordPress plugin could help you? Let us know in the comments section below!

Featured image: stevepb.

Tom Rankin

Tom Rankin is a key member of WordCandy, a musician, photographer, vegan, beard owner, and (very) amateur coder. When he’s not doing any of these things, he’s likely sleeping.

Facebook Comments

More Stuff

InfoSec Career Paths vs Programming Skills — The Basics Image from https://www.2-sec.com/2017/08/day-life-2-sec-penetration-tester/I’ve recently was asked for a numerous time?—?“Is being a great develo...
Double Processing to Create the Uncapturable Excerpt from The Adobe Photoshop Book for Digital Photographers (for Versions CS6 and CC) NOTE: YES there is a newer version of this book, but this on...
Query Monitor – Debug WordPress and Improve Website Performance Imagine this scenario: You’re working on a WordPress development project and have a dozen or more plugins installed. However, your site isn’t humming ...
Troubleshooting WordPress Issues When something goes wrong on your WordPress site, how do you react? Do you freak out, or have a mini panic attack? Don’t worry, that’s a fairly typic...
Spread the love

Posted by News Monkey