Configure WordPress password policies to ensure all WordPress users use strong passwords and improve the security of your WordPress.
Thousands of WordPress blogs and websites get hacked each year because of weak passwords. One way to protect your WordPress from automated brute force attacks is to use strong passwords. Do not let your WordPress become a statistic. Ensure that all your WordPress users use strong passwords and change them frequently with WP Password Policy Manager plugin.
You can easily configure strong WordPress password policies within a few seconds and your WordPress users do not have to get used to new systems and interfaces. WP Password Policy Manager integrates seamlessly within your WordPress login page and uses the standard WordPress UI as can be seen from these screenshots, hence the process is transparent to your users.
As a WordPress administrators you can configure any of the below password policies to ensure all your WordPress users use strong password:
Password Expire Time
This policy allows you to specify for how long a password is valid before it expires. For example if you specify 1 month, after 1 month the WordPress user will be forced to change his existing password prior to logging in.
This policy allows you to specify the minimum number of characters a password should consist of.
Mixed Case Policy
When you enable this policy all of the WordPress users' passwords should contain both lower and UPPER case characters.
Numeric Digits Policy
When you enable this policy all of the WordPress users' passwords should contain numeric digits.
Special Characters Policy
When you enable this policy all of the WordPress users' passwords should contain special characters, such as ! ? * & etc.
Password History Policy
This policy allows you to specify how many passwords should the plugin remember so WordPress users do not use the same password. For example if you specify 8 the user can reuse an old password on the ninth time his password is changed.
Current Password Policy
When you enable this policy WordPress users have to specify the current password to be able to change the password from the WordPress profile page.
Note:WP Password Policy Manager stored users' passwords the same way WordPress stores them, hence it is secure.
In case your WordPress has been hacked or need to reset all WordPress users' password you can do so with a single click from the passwords policies configuration. Once you reset all of the WordPress users' passwords each user will receive an email with a new random generated password. Since the password is sent over email once the WordPress users log in they will be asked to change the password again to ensure maximum security.
Another way to ensure WordPress security is to have full control of your WordPress by keeping an audit log of all changes that happen on your WordPress with WP Security Audit Log plugin.
We need help translating the plugin. If you're good at translating, please drop us an email on firstname.lastname@example.org. WP Password Policy Manager is available in:
To keep yourself updated with what is new and updated in our WordPress security plugins please subscribe to the WP White Security Plugins Newsletter.
Requires: 3.6.0 or higher
Compatible up to: 4.2.2
Last Updated: 2015-5-23
Active Installs: 1,000+
0 of 3 support threads in the last two months have been resolved.
Got something to say? Need help?