WordPress, as an open-source content management system, requires user login with their account information. Users are allowed to use any password with any length they like, and decide whether to change it or not any time they want. However, if they apply simple and weak passwords, the website may run the risk of being hacked.
In this case, to enhance the security of your site, it’s essential to ensure that all users generate and use passwords with strong security. More importantly, there is a need to change their passwords after certain time or every few months.
Today, we will introduce the WP Password Policy Manager plugin, and show detailed steps on how to use it to force users to change their passwords in WordPress.
Configure WP Password Policy Manager to Apply It
The WP Password Policy Manager plugin is built with the propose of ensuring all WordPress users use strong password and increasing site security by configuring WordPress password policies.
Before doing any configuration, you need to login to your WordPress Dashboard. Then, install the plugin and activate it. Once finished, navigate to “Settings” and click “Password Policies”.
Next, on the plugin settings page, you need to do some configurations. As for what to do with, we will have detailed explanation of some items in the following.
The “Password Expiration Policy” option allows setting a period of time after which users must change their passwords. You can set by hour, day, week and even month. According to our experience, we think 3 months is a reasonable period as this is secure enough to protect your site without irritating your users.
Below it, you can customize the minimum number of characters that user should live up to when setting password. Usually, you’d better set no less than 8 characters.
As for the next 4 options, you are allowed to decide whether to require users to
- Use password fixed with both uppercase and lowercase characters.
- Use numeric digits.
- Use specific characters like %#_+.
- Enter the current password when changing it into another one.
To enable them, simply check the box next to each item.
With the “Password History Policy” option, you are allowed to set the plugin to remember the old passwords. Below this option, you can add roles and users who have the privilege not to be affected by all the password policies you set.
As for “Reset All Users’ Passwords”, you can reset all user passwords in a quick manner. Note that you should carefully use this function, because once it is applied, all user passwords in WordPress will be expired. For the last option – “Use WP Cron”, you can check it if you have more than one user on your WordPress site.
Once you have completed, click “Save Changes” to apply the settings.
After you have set the plugin with necessary configurations, users on your site will be forced to change their passwords after the time you set.
On the Bottom
The importance of forcing your users to change passwords regularly cannot be emphasized more, since it’s vitally important for your site security. However, using strong password is of equal importance, so you’d better ask them to create strong passwords. For that purpose, taking advantage of some password generator plugins is a good way.