One area of security many WordPress users neglect is passwords. Surely you’ve heard that using stronger passwords can help reduce the risk of your WordPress blog or user accounts becoming compromised. But do you know how to enforce strong passwords for all users?
If you allow users to register for your WordPress blog, you may have noticed that since WordPress 4.3 better passwords have been available. But while this makes it easy for users to create or reset their account with a strong password, it doesn’t enforce any password strength requirements. This is where a plugin can come in handy to help improve WordPress security.
Enforce Strong Passwords in WordPress with iThemes Security
To enforce strong passwords in WordPress and to ensure users create stronger passwords from the beginning, we recommend the iThemes Security plugin. It does a lot more than enforce strong passwords, but let’s focus on just that one function for now.
Configuring Enforce Stronger Passwords
First you’ll need to install the plugin. This is easily done from your WordPress dashboard by going to Plugins > Add New and searching for “iThemes security.” It should be the first result, so just click to install and activate the plugin.
With the plugin active click on the new Security menu item in your dashboard to access your iThemes Security settings. As mentioned there are a TON of awesome security options. But for now click on the “Configure settings” button for Password Requirements.
This will open a popup where you can check a box to enable the iThemes Security force strong passwords feature. You can also choose a minimum user role to apply this rule to. Users with this role or a higher one will be required to use strong passwords.
Depending on your website you might want to force all users to use strong passwords, in which case you’d select the “subscriber” role. But if you require folks to sign up for a subscriber account to download freebies, you may not want to discourage them by requiring a strong password. In this case, it might be better to simply apply the requirement to contributors and above.
Just save your settings and you should be good to go. Now when users register or go to update their password they’ll be forced to select a strong password.
If a user attempts to use anything other than a strong password, they should see a warning telling them to try again with something a bit stronger.
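To show what a “minimum role” rule looks like when it is enforced on the server, here is an added example; it is not iThemes Security’s code. It assumes the default WordPress roles and uses a simplified strength rule (12 or more characters, three character classes) in place of a real strength meter, and all `example_` names are hypothetical.

```php
<?php
// Added example, not iThemes Security's code. Assumptions: default WordPress
// roles only, and a simplified strength rule in place of a real strength meter.
const EXAMPLE_ROLE_ORDER = array( 'subscriber', 'contributor', 'author', 'editor', 'administrator' );
const EXAMPLE_MIN_ROLE   = 'contributor'; // This role and every role above it.

// True when any of the user's roles is at or above the minimum role.
function example_role_is_covered( array $roles ) {
	$threshold = array_search( EXAMPLE_MIN_ROLE, EXAMPLE_ROLE_ORDER, true );
	foreach ( $roles as $role ) {
		$rank = array_search( $role, EXAMPLE_ROLE_ORDER, true );
		if ( false !== $rank && $rank >= $threshold ) {
			return true;
		}
	}
	return false;
}

// Simplified rule: 12+ characters and at least three character classes.
function example_password_is_strong( $password ) {
	$classes = preg_match( '/[a-z]/', $password ) + preg_match( '/[A-Z]/', $password )
		+ preg_match( '/[0-9]/', $password ) + preg_match( '/[^a-zA-Z0-9]/', $password );
	return strlen( $password ) >= 12 && $classes >= 3;
}

// Adds an error when a covered user submits a non-empty weak password.
function example_check( $errors, array $roles, $password ) {
	if ( '' !== $password && example_role_is_covered( $roles ) && ! example_password_is_strong( $password ) ) {
		$errors->add( 'example_weak_password', 'Please choose a stronger password.' );
	}
}

// Profile screen and "Add New User": $user is a plain object, not a WP_User.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
	$existing = $update ? get_userdata( $user->ID ) : false;
	$roles    = $existing ? $existing->roles : array();
	if ( ! empty( $user->role ) ) {
		$roles[] = $user->role; // Role being assigned in this request.
	}
	example_check( $errors, $roles, isset( $user->user_pass ) ? $user->user_pass : '' );
}, 10, 3 );

// Password reset form: the new password arrives in $_POST['pass1'].
add_action( 'validate_password_reset', function ( $errors, $user ) {
	if ( $user instanceof WP_User && isset( $_POST['pass1'] ) ) {
		example_check( $errors, $user->roles, (string) wp_unslash( $_POST['pass1'] ) );
	}
}, 10, 2 );
```

With the minimum role set to contributor, a subscriber can still save a weak password, while a contributor, author, editor or administrator gets the error and the password is not changed.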
If you upgrade to iThemes Security Pro you’ll also have access to malware scans, Google reCAPTCHA, user action logs, a strong password generator, password expiration and the option to enable 2-factor authentication for WordPress. That’s basically an entire arsenal of security hardening features.
By enforcing strong passwords in WordPress you reduce the chances of accounts being compromised by a brute force attack. It also helps keep guest and administrator accounts more secure for your WordPress blog.
Thankfully this is easy when you use a plugin like iThemes Security, Wordfence or even Force Strong Passwords. The requirement set by any of these plugins applies to new accounts or passwords going forward, and is a great way to reinforce your site security. Just be sure to remind authors or existing users to also give their password an update.
Do you have any tips for stronger passwords? Or do you have a different plugin you’d recommend? Leave us a comment below.