Cyber-attacks are becoming more common every day. As attacks grow in both number and sophistication, many organizations are increasingly under pressure to protect themselves from compromise. A strong password is the first line of defense in protecting your website from one form of cyber-attack: the brute force attack, which targets your login page by calculating every possible combination that could make up a password and testing each one to see if it is correct.
For that reason, consider how important a password policy is for enforcing your website's security. A password policy covers several aspects that strengthen passwords and help protect your website:
- Set the minimum password length (the longer the better); 8 characters is typical.
- Impose requirements to use uppercase and lowercase combinations, special characters, and numerical digits.
- Set password duration if needed
In this tutorial, we will show you how to implement a password policy for your website using the WordPress Policy Manager Plugin.
Password Policy Manager Plugin
The Password Policy Manager Plugin by miniOrange is one of the WordPress security plugins that help you to enforce the use of password policy best practices for your website.
Available as a freemium plugin on WordPress.org, the free version of Password Policy Manager can help you:
- Set the requirements for password strength
- Enable a password expiration time
- Reset passwords for all users in one click
- Access and view reports of your users' logins
Furthermore, if you upgrade it to the Pro version, you will get all of the capabilities of the free version with additional features like:
- Manage password policies based on user roles
- Prevent users from using previously used passwords
- Automatically lock inactive users after a certain period
- Generate a random strong password based on your policies
- Support login forms from other plugins such as WooCommerce, Ultimate Member, Elementor Pro, and so on
Now that you know what the Password Policy Manager can do, let's start protecting your website by installing and activating the Password Policy Manager plugin on your WordPress site.
How to Apply Password Policy with The Plugin
Once you have installed and activated the plugin, go to your WordPress dashboard and click the newly created miniOrange Password Policy menu. You will be taken to the Policy Setting page.
Password Strength Policy Setting
On this page, you can turn on the Password Policy Settings by ticking the checkbox for each rule you want to enforce for password strength, such as:
- The password Must Contain Lower and Uppercase letters like [a|A]
- The password Must Contain Numeric digits like [0,9]
- The password Must Contain characters like [@, #, $, %, etc]
- Set the Length of the password [between 8 and 25]
There is also a toggle for the Password Policy Setting, which acts as a switch to enable or disable all the settings you've made in the Password Policy Setting.
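To see what such a strength policy checks at the code level, here is an added example (not the plugin's code and not from miniOrange) that applies the four rules listed above through WordPress's own `user_profile_update_errors` and `validate_password_reset` hooks. The function names and the `example_weak_password` error code are made up for this illustration.

```php
<?php
// Added example, not the plugin's code. Function names and error code are hypothetical.

// Return the policy rules a password breaks; an empty array means it passes.
function example_policy_violations( $password, $min = 8, $max = 25 ) {
    $violations = array();
    // Count characters, not bytes, when the mbstring extension is available.
    $length = function_exists( 'mb_strlen' ) ? mb_strlen( $password, 'UTF-8' ) : strlen( $password );
    if ( $length < $min || $length > $max ) {
        $violations[] = "Password must be between $min and $max characters long.";
    }
    if ( ! preg_match( '/[a-z]/', $password ) || ! preg_match( '/[A-Z]/', $password ) ) {
        $violations[] = 'Password must contain both lowercase and uppercase letters.';
    }
    if ( ! preg_match( '/[0-9]/', $password ) ) {
        $violations[] = 'Password must contain a numeric digit.';
    }
    // Anything that is not an ASCII letter, digit or whitespace counts as special here.
    if ( ! preg_match( '/[^A-Za-z0-9\s]/', $password ) ) {
        $violations[] = 'Password must contain a special character such as @, #, $ or %.';
    }
    return $violations;
}

// Add every violation to the WP_Error object that WordPress displays on the form.
function example_report_violations( $errors, $password ) {
    foreach ( example_policy_violations( wp_unslash( $password ) ) as $message ) {
        $errors->add( 'example_weak_password', $message );
    }
}

// Profile and add-user screens: user_pass is set only when a new password was submitted.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( ! empty( $user->user_pass ) ) {
        example_report_violations( $errors, $user->user_pass );
    }
}, 10, 3 );

// Password reset form: the new password arrives in $_POST['pass1'].
add_action( 'validate_password_reset', function ( $errors, $user ) {
    if ( ! empty( $_POST['pass1'] ) ) {
        example_report_violations( $errors, $_POST['pass1'] );
    }
}, 10, 2 );
```

Because both hooks run before WordPress saves the new password, any error added here stops the change and is shown to the user on the form.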
Password Expiration Policy Setting
You can also set a password expiration policy on this page. To enable this feature, toggle on the Enable Expiration Time switch in the Expiry Time section. The default expiration time is 7 weeks.
Once your password policy settings are ready, click on the Save Settings button to apply the settings.
How to Make Existing Users Reset Their Password
What if you already have many existing users whose accounts do not yet follow the password strength policy? How do you make them change their passwords to comply with your password policy?
If you want existing users to reset their password when they try to log in after you have applied the settings, tick the checkbox for the Force reset password on first login setting, which is available in the Password Policy Setting, and apply your changes by clicking the Save Settings button.
Or maybe something has gone wrong and you want them to change their passwords right away, terminating their login sessions and resetting their passwords. With the One-Click Reset Password button, you can reset users' passwords and close their login sessions at the same time. The users then need to set a new password via a reset link sent to their email.
The Bottom Line
A strong password is the first line of defense in protecting your website from one form of cyber-attack: the brute force attack that targets your login page. With a strong password, attackers will have a hard time guessing it to break in and mess up your website. Using a password policy plugin is one of the options you can try to help strengthen your WordPress security against brute force attacks. We have also covered another way that may help you against this attack in our previous article about redirecting users after they log out from your site.