The length is locked at 20 characters for users who don't use special characters.
This is set across all user types, so people wanting to just leave comments are a lot less likely to.
I installed this plugin, while there was ongoing "admin user password bruteforce" attack.
After activation the side effect was extremely bad: my hosting provider almost immediately blocked my shared hosting, because the plugin, in order to provide "timeouts" behavior to the attackers, overloaded the maximum number of running processes, because of lots of hanging PHP processes.
I had to use technical support aid in order to get out of this lockout situation.
You must log in to submit a review. You can also log in or register using the form near the top of this page.