How to set up your WordPress Password Policy Plugin

Passwords are critical to keeping our online accounts secure. This is also true for user accounts on WordPress websites. The WordPress login uses usernames and passwords to determine access. However, not all passwords are born equal. Some passwords provide a formidable challenge against unauthorized access. Others, not so much.

This is where Melapress Login Security (previously WordPress Password Policy Manager plugin) comes in.

Melapress Login Security also offers one-click integration with WooCommerce, ensuring administrators of this eCommerce plugin can also wave goodbye to weak passwords. Aside from WooCommerce, the plugin supports many other 3rd party plugins, making it one of the must-have WordPress security plugins.

It offers granular control over password policies. You can mandate a minimum number of characters, special and numeric characters, as well as uppercase and lowercase letters. You can also set password expiration and prohibit password recycling.

It also helps users create strong passwords by offering real-time help so that they can meet the requirements with ease.

Setting up password policies on your WordPress site is very easy when using Melapress Login Security. The plugin has been designed from the ground up to be very user-friendly. Setting your own password rules does not require any technical knowledge and takes only a few minutes to set up.

Melapress Login Security started its life as a password policy manager. It still does this exceptionally well but has since seen the addition of features that reinforce the efficacy of password policies.

The plugin comes in a number of different plans, ensuring it can meet different requirements and budgets.

Once you purchase the plugin, you will receive an email with a download link and your license key. Alternatively, you can log in to your My Account page through where you’ll find everything you need.

Download the plugin .ZIP and take note of the license key – we’ll need both in the next step.

Log in to your WordPress dashboard and navigate to Plugins > Add New Plugin. Click on the Upload Plugin button, which you’ll find at the top of the page, and then Choose File. Navigate to the location where you saved the .ZIP file from the previous step and then click on Open.

Next, click on Install Now, and once the plugin has been installed, activate it.

If you opted for a premium plan, you’ll need to enter your license key to activate your premium features.

With the plugin installed and activated, navigate to Login Security > Login Security Policies and tick the checkbox marked Enable login security policies. Once enabled, you’ll be able to see all password policy settings.

Policies can be enabled site-wide or by role. Site-wide policies apply to all users. With role-based policies, you can set different policies for different roles.

Password policies offer the following criteria:

  • Minimum Character length
  • Mandated use of uppercase and lowercase characters
  • Mandated use of special characters (with the option to exclude specific special characters)
  • Auto password expiry
  • Password recycling prevention

You can also use password policies to force users to reset their password on the first login and to disable the sending of password reset links for additional security.

Next, head to Login Security > Forms & Placement to enforce password policies on standard and third-party forms., including:

  • WooCommerce
  • LearnDash
  • Ultimate Member
  • BuddyPress
  • MemberPress

Documentation is also available should you want to integrate your password policy with any other form.

A strong password policy goes a long way in helping you improve security and reduce the risks of attacks such as brute force attacks. Melapress Login Security, however, comes with many additional features to help you improve WordPress password security:

The one-click password reset function enables you to initiate a force password change for all your users across the board. On their next log in, users will need to set a new password that meets any high password security policy that has been set.

Inactive users policies enable you to automatically lock inactive users once specific criteria, as defined in the policy, have been met. Locking inactive users drastically reduces the risks associated with such accounts, which are often to blame for unreported breaches.

Pro tip: Use WP Activity Log for a detailed active and inactive users activity log for unparalleled insights into what happens on your WordPress websites.

In brute force attacks, bad actors will keep trying different username and password combinations until they hit one that works.

A strong password policy goes a long way in reducing the risks associated with such attacks. By limiting login attempts, you can ensure that any attempts are cut short, with user accounts automatically locked after a number of bad tries.

A good chunk of brute force attacks happen at the login page, whose URL is standard across all WordPress installations. This makes it very easy to find. By hiding the login page, you make it that much harder for unauthorized users to access this page in what is known as security by obscurity.

Melapress Login Security comes with many other additional features, including multi-role support, editable email templates, and much more. All plans come with email support and regular updates, ensuring you can stay on top of your password game.

Melapress Login Security is fully equipped to enable you to take your WordPress password security to the max. Not only does it enable you to enforce strong password security on your WordPress website, but it also comes with additional features that boost the entire login.

Informing users of the merits of strong user passwords goes a long way in helping you achieve frictionless adoption. A user password manager also goes a long way in quelling any concerns regarding having to remember long and complex passwords.

When you enforce strong passwords through secure password policies, you’re keeping not only your WordPress but also your users and their data secure.

Melapress Login Security goes a long way in helping you keep your password security strong. It comes packed with features designed to secure different facets of your WordPress login, ensuring you and your users stay as secure as possible at all times.

WordPress Password Policy Plugin: How to Setup

Take the Melapress Security Survey 2024

Share your perspective
and WIN