How to Enforce Secure Passwords on Your WordPress Website

We’re willing to bet that you probably know all about using secure passwords for your WordPress admin account. However, you can’t take for granted that other users will do the same.

To make sure your site remains safe, you’ll want to ensure all passwords are secure. While WordPress includes a function to create a secure password, it’s completely optional. As with many WordPress tasks, the answer lies in using a plugin to enforce users to use strong passwords on WordPress’ back end.

In this article, we’ll discuss the importance of password security. We’ll then show you what features WordPress offers in this area, and introduce a more secure solution. Let’s get started!

A Quick Primer on Strong, Secure Passwords

Let us start at the beginning. Of course, one of the most basic ‘laws’ of the internet is that strong passwords are essential to keeping your site protected. In fact, there’s been so much discussion of the topic that you’d be forgiven for letting it wash over your head.

However, ignoring password security is incredibly dangerous, for reasons we’ll get onto shortly. For now, let’s give you one simple rule to make sure you’re able to manually create strong passwords:

Despite previous, long-told advice about mixing letters, numbers, and characters, length is the most important aspect of a strong password. In short, the longer your password, the better.

The reason for this is due to the so-called ‘brute force’ method for cracking passwords. Because of this, you’ll simply want to make your password so long that it will take a mathematical eon to break. You can actually see how long it will take to crack a password using a site like How Secure Is My Password?:

The How Secure Is My Password? website.

Of course, this isn’t to say that you should kick password complexity to the curb. There does need to be a balance between simply writing “a” twenty times, and having an eight-character jumble of letters, numbers, and symbols. However, you can still use full words to create a solid, uncrackable password.

Why You Should Put So Much Stock in Secure Passwords

While you may be aware of the importance of using a secure password, the same might not be true for your users. Microsoft Regional Director Troy Hunt recently published a list of poor-quality passwords and made the assumption that 86% of those he came across had already been breached.

This is alarming for several reasons, not least that the vast majority of people are using passwords freely available for everyone to see. The passwords themselves are another aspect. Some of the most commonly used passwords were downright lazy and basic, such as “qwerty”, “123456”, and “password”.

We’d bet that you don’t want to let your users jeopardize your site by allowing your users to use such easily-crackable password. Fortunately, it’s possible to avoid if you’re using WordPress. Let’s take a look at how you can let users create much better, safer passwords.

How to Enforce Secure Passwords on Your WordPress Website

Because secure passwords are the foundation of protecting your site, it makes sense to highlight this as early as possible to the user. As such, WordPress offers a simple checker and generator, baked into core:

WordPress' password generator.

Users can access this tool through the Users > All Users screen within WordPress. They can then click Generate Password within the individual user profile.

However, there’s one big downside to this approach – it’s entirely optional. As such, you’ll want to implement a dedicated plugin that actually forces all users on your site to create a strong password. Enter the Password Policy Manager plugin:

The Password Policy Manager plugin.

This plugin was created by leading WordPress security developers WP White Security and gives you a comprehensive set of tools to enforce strong passwords. For example, you can set a maximum password age, so that users generate a fresh one at the time of your choosing. What’s more, you have a flexible approach to terminating user sessions.

As for the base functionality, you can configure the overall policy, so you’re completely in control of the base password strength users must meet. It sits in the same place as the built-in password generator, so you’ll have a familiar look and feel.

Quite frankly, this plugin is ga reat value given the functionality. For more information, including where to buy Password Policy Manager (and the price), head on over to the WP White Security website.


Password security and management is an ‘old hat’ topic according to some. It’s one of the perennial topics for online security, which is largely due to the fact that many users still opt to create weak, crackable passwords.

In this post, we’ve talked about how WordPress includes built-in options for assessing password strength. However, by installing a plugin to enforce users to use strong passwords on WordPress’ back end, you can ensure all passwords are robust and secure. Ultimately, you’ll take the security of your site into your own hands, which is always a good thing.

Are you hot on password security, and how do you think the Password Policy Manager for WordPress plugin could help you? Let us know in the comments section below!

Featured image: stevepb.

Tom Rankin is a key member of WordCandy, a musician, photographer, vegan, beard owner, and (very) amateur coder. When he’s not doing any of these things, he’s likely sleeping.

The post How to Enforce Secure Passwords on Your WordPress Website appeared first on Torque.

Sharing is Awesome, Thank You! :)

Share this Blue 37 post with your friends