How to Secure WordPress with Password Policy Plugin

Updated: August 31, 2022

Cyber-attacks are becoming more common every day. As attacks grow in both number and sophistication, many organizations are under increasing pressure to protect themselves from compromise. A strong password is the first line of defense in protecting your website from one form of cyber-attack: the brute force attack, which targets your login page by working through every possible combination that could make up a password and testing each one to see if it is correct.

For that reason, consider enforcing a password policy as part of your website security. A password policy covers a few important aspects that strengthen passwords and help protect your website:

  • Set the minimum password length (the longer the better); 8 characters is typical.
  • Require a combination of uppercase and lowercase letters, special characters, and numerical digits.
  • Set a password duration if needed.

In this tutorial, we will show you how to implement a password policy for your website using the WordPress Policy Manager Plugin.

Password Policy Manager Plugin

The Password Policy Manager Plugin by miniOrange is one of the WordPress security plugins that help you to enforce the use of password policy best practices for your website.

Available as a freemium plugin on WordPress.org, the free version of Password Policy Manager can help you to:

  • Set the requirement for the password strength
  • Enable password expiration time
  • Reset passwords for all users in one click
  • Access and view reports for your users’ logins

Furthermore, if you upgrade it to the Pro version, you will get all of the capabilities of the free version with additional features like:

  • Manage password policies based on user roles
  • Prevent users from using previously used passwords
  • Automatically lock inactive users after a certain period
  • Generate a random strong password based on your policies
  • Support login forms from other plugins such as WooCommerce, Ultimate Member, Elementor Pro, and so on

Now that you know what the Password Policy Manager can do, let’s start protecting your website by installing and activating the plugin on your WordPress site.

How to Apply Password Policy with The Plugin

Once you have installed and activated the plugin, click the newly created miniOrange Password Policy menu in your WordPress dashboard. You will be taken to the Policy Setting page.

Password Strength Policy Setting

On this page, you can turn on the Password Policy Settings by ticking the checkbox for each rule you want to enforce for password strength:

  • The password Must Contain Lower and Uppercase letters like [a|A]
  • The password Must Contain Numeric digits like [0,9]
  • The password Must Contain characters like [@, #, $, %, etc]
  • Set the Length of the password [between 8 and 25]

There is also a toggle for the Password Policy Setting, which acts as a switch to enable or disable all the settings you have made under Password Policy Setting.

Password Expiration Policy Setting

You can also set a password expiration policy on this page. To enable this feature, toggle on the Enable Expiration Time switch in the Expiry Time section. The default expiration time is 7 weeks.

Once your password policy settings are ready, click on the Save Settings button to apply the settings.
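To see which passwords the strength and expiration settings above would accept, here is an added example that is not part of the original tutorial and is not the plugin's own code. It models the four strength rules (length between 8 and 25, lowercase and uppercase letters, a digit, a special character) and the 7-week expiry; the function names and the exact definition of "special character" are assumptions.

```php
<?php
// Added example, not the plugin's code: models the strength and expiry rules
// from this tutorial. Function names are hypothetical.

/** Return the list of policy violations; an empty list means compliant. */
function pp_password_violations(string $password, int $min = 8, int $max = 25): array
{
    $violations = [];
    // Count characters rather than bytes so multi-byte input is measured fairly.
    $length = (int) preg_match_all('/./us', $password);
    if ($length < $min || $length > $max) {
        $violations[] = "length must be between $min and $max characters";
    }
    if (!preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password)) {
        $violations[] = 'must contain lowercase and uppercase letters';
    }
    if (!preg_match('/[0-9]/', $password)) {
        $violations[] = 'must contain a numeric digit';
    }
    // Assumption: "special" means anything that is not an ASCII letter, digit or whitespace.
    if (!preg_match('/[^a-zA-Z0-9\s]/', $password)) {
        $violations[] = 'must contain a special character such as @, #, $ or %';
    }
    return $violations;
}

/** True once the password is older than the expiry window (7 weeks by default). */
function pp_password_expired(DateTimeImmutable $changed, DateTimeImmutable $now, int $weeks = 7): bool
{
    return $now >= $changed->modify("+$weeks weeks");
}

// Constructed sample passwords and dates, for illustration only.
$samples = ['password', 'Password1', 'Ab1#', 'Passw0rd#2022', str_repeat('aB3$', 7)];
foreach ($samples as $candidate) {
    $violations = pp_password_violations($candidate);
    $verdict = $violations ? 'REJECT: ' . implode('; ', $violations) : 'ok';
    printf("%-30s %s\n", $candidate, $verdict);
}

$changed = new DateTimeImmutable('2022-07-01');
foreach (['2022-08-01', '2022-08-31'] as $today) {
    $expired = pp_password_expired($changed, new DateTimeImmutable($today));
    printf("changed 2022-07-01, checked %s: %s\n", $today, $expired ? 'expired' : 'valid');
}
```

Run it with the PHP command-line interpreter. The sample `Passw0rd#2022` satisfies every rule while still following a predictable pattern, which is why the length setting deserves as much attention as the character-class checkboxes.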

How to Make Existing Users Reset Their Password

What if you already have many existing users whose passwords were set before the password strength policy was in place? How do you make them change their passwords to comply with your policy?

If you want existing users to reset their password the next time they log in after you apply the setting, tick the checkbox for the Force reset password on first login setting, which is available under Password Policy Setting, and apply your changes by clicking the Save Settings button.

Or maybe something has gone wrong and you want users to change their passwords right away, terminating their login sessions and resetting their passwords. With the One-Click Reset Password button, you can reset users’ passwords and close their login sessions at the same time. The users then need to set up a new password via a reset link sent to their email.

The Bottom Line

A strong password is the first line of defense in protecting your website from one form of cyber-attack: the brute force attack that targets your login page. With a strong password, attackers will have a hard time guessing it to break in and damage your website. Using a password policy plugin is one of the options you can try to strengthen your WordPress security against brute force attacks. We have also covered another way that may help you against the attack in our previous article about redirecting users after they log out from your site.
