This simple plugin allows the WordPress site administrator to enforce minimal password requirements on its user. You can specify a minimal password length. You can also demand that users input uppercase characters, digits or special characters. This only effects password changes. Existing passwords will not be validated.
- Drop the ‘password_rules’ folder in your plugin directory.
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Set your desired password requirements in Settings/Password Rules
- What are the default password requirements impose by WordPress?
Anything except an empty string can be use as a password in an out of the box WordPress installation.
- Why should I care about the password of my users?
Short passwords using a small character set are vulnerable to brute force attacks. Also, IT deparements in large organisations will often request minimal security requirements before deploying an app; this extension can help you cut throught the red tape.
- What about existing users?
WordPress hashes passwords before storing them in its database. You can not determined the original password from its hashed. So it’s impossible to validate existing password to see if they meet your requirements. This extension will only validates passwords when the user updates his profile.
Contributors & Developers
“Password Rules” is open source software. The following people have contributed to this plugin.Contributors
- Initial release.
- Corrected bug that prevented translations from being displayed.
- Very minor correction to translation in French.