
Enforcing strong WordPress passwords security


It is impossible to ignore security when it comes to managing WordPress sites and blogs. In fact, many business site administrators choose a secure WordPress web host for their sites. On top of that, they install a WordPress firewall plugin or service, and keep a log of what is happening on their site with a comprehensive WordPress activity log plugin.

However, no software or online service can protect your WordPress website from your users’ weak passwords. And they do use weak passwords: statistics show that 35% of users use weak passwords, such as password123 and qwerty123, and the majority of the rest use passwords that can be cracked.

Therefore, as a WordPress site owner, it is your duty to implement strong WordPress password policies that force users to choose strong passwords and so improve the password security of your site. In this post we explain how you can easily do this with a plugin and a few mouse clicks. First, though, let’s see why you need a plugin such as Melapress Login Security.

Why Do You Need a WordPress Password Policies Plugin?

By default WordPress recommends a strong password whenever you forget your password, create a new user or simply want to reset your password.

WordPress recommends strong passwords

However, users can and will still use weak passwords, since they are given the option. They can simply type in a weak password such as password123 and tick the option Confirm use of weak password, as highlighted in the screenshot below.

Users can easily use weak passwords in WordPress

The only way you can force your WordPress users to use strong passwords for better WordPress password security is to use a plugin that allows you to enforce WordPress password policies.

How to Configure Policies for Strong WordPress Password Security

You can configure policies to enforce strong passwords on your WordPress users with the plugin Melapress Login Security. In this section we will explain how to get started and configure the policies within just seconds.

Configuring WordPress Password Policies

Once you install the WordPress password policies plugin, navigate to the Password Policies node in the Settings menu.

Configuring WordPress password policies in plugin

In this section you can configure the following password policies to require your users to use strong WordPress passwords:

  • Password minimum length
  • Use of both lowercase and uppercase letters in passwords
  • Use of numbers in passwords
  • Use of special characters in passwords

You can also configure how long a password can be used with the Password Expiration Policy, also known as password age. When passwords expire automatically, users have to change them, so they avoid using the same password for months or years. You can also configure the password history policy in the plugin. The password history setting determines the number of unique new passwords users have to use before they can reuse an old password.
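As an added illustration (this is not Melapress Login Security's code), the sketch below shows what server-side enforcement of the four complexity rules listed above looks like as a small must-use plugin. Expiry and history are not covered. The `example_*` names and the minimum length of 12 are assumptions made for this example; `user_profile_update_errors` and `validate_password_reset` are WordPress core hooks.

```php
<?php
/**
 * Plugin Name: Example password policy (illustrative only, not Melapress code)
 */

const EXAMPLE_MIN_LENGTH = 12; // assumed value; the post does not specify one

// Return the policy rules a candidate password fails (empty array = compliant).
function example_password_violations( string $password ): array {
    $rules = array(
        'at least ' . EXAMPLE_MIN_LENGTH . ' characters' => mb_strlen( $password ) >= EXAMPLE_MIN_LENGTH,
        'a lowercase letter'  => (bool) preg_match( '/\p{Ll}/u', $password ),
        'an uppercase letter' => (bool) preg_match( '/\p{Lu}/u', $password ),
        'a number'            => (bool) preg_match( '/\d/', $password ),
        'a special character' => (bool) preg_match( '/[^\p{L}\p{N}\s]/u', $password ),
    );
    return array_keys( array_filter( $rules, fn( $ok ) => ! $ok ) );
}

// Add one WP_Error entry per failed rule; any entry blocks the password change.
function example_report( WP_Error $errors, string $raw ): void {
    // WordPress adds slashes to request data; undo them before measuring length.
    $password = wp_unslash( $raw );
    foreach ( example_password_violations( $password ) as $missing ) {
        $errors->add( 'example_weak_password', 'Password must contain ' . esc_html( $missing ) . '.' );
    }
}

// Profile and "Add New User" screens: the submitted password is in $user->user_pass.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( ! empty( $user->user_pass ) ) {
        example_report( $errors, $user->user_pass );
    }
}, 10, 3 );

// Password reset form: the new password is posted as pass1.
add_action( 'validate_password_reset', function ( $errors, $user ) {
    if ( isset( $_POST['pass1'] ) && '' !== $_POST['pass1'] ) {
        example_report( $errors, $_POST['pass1'] );
    }
}, 10, 2 );
```

Because the checks run in the server-side hooks, ticking Confirm use of weak password in the browser does not bypass them.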

WordPress Password Policies Plugin Features Highlight

Apart from the password policies, Melapress Login Security also allows you to:

  • Exempt specific users or roles from the password policies
  • Specify when users’ sessions are terminated upon password expiry
  • Reset all passwords with just a single mouse click.

The last feature is definitely handy, especially in the unfortunate event of a malicious WordPress hack. When you reset all passwords with the plugin, an email is sent to all the users alerting them to reset their WordPress password.

Ensure Stronger WordPress Password Security with Policies

Help your WordPress site and multisite network users use strong passwords and harden the security of your WordPress site at the same time. Configure WordPress password policies so you can enforce strong passwords on your users. You can get started and improve WordPress password security within just seconds, with Melapress Login Security.


Bonus tip: disable dormant users

Dormant and unused WordPress users are an easy target for malicious attackers. Regardless of the policies you enforce, if accounts are not being used they will always have the same password, and if they are hijacked no one notices. That is why they are a prime target.

To safeguard your website and not let inactive users jeopardize the security of your WordPress website, enable the dormant WordPress users policy on Melapress Login Security so inactive users are locked and cannot be hijacked.

6 thoughts on “Enforcing strong WordPress passwords security”

  1. Strong passwords can help prevent brute force attacks and improve site security. However, my concern is that it’s difficult for users to remember these passwords.

  2. Good day

    How does one prevent users from registering with weak passwords?

    I’m able to prevent logging with a weak password but cannot prevent the registration.

