Ignoring the security of WordPress sites and blogs may lead us to big troubles in the long run. Although many business site administrators choose a secure WordPress web host for their sites, no software or online service solution can protect the WordPress website from the users’ weak passwords! Statistics show that 35% of the website users use weak passwords resulting in the hacking of the majority of those passwords.
Although WordPress will display the strength of the password when the user sets the password, it does not force the user to use a complex password. If the administrator or the user who edits the role uses a weak password (simple password), then the website may have a security risk. Therefore as a WordPress website owner, it is our duty to implement password policies to force the users to use strong passwords in order to improve the WordPress password security level of the site. This article will show how to force WordPress users to use strong passwords, that is, complex passwords.
How to Force Users to Use Strong Passwords
Installing No Weak Passwords Plugin
Installing the No Weak Passwords plugin will force visitors to set a strong password in WordPress. On top of this, it ensures that a visitor will not be able to select a common password that is easy to guess.
Just search the plugin name in the WordPress repository and install it. Done!
What a Visitor Will See After the Plugin Installation
If a visitor tries to enter a new password that is on the list of common phrases, they will get this error message and force them to select a strong password:
ERROR: Your password exists on a list of known easy-to-guess passwords, and hence was forbidden.
And the password they entered will not be accepted as a new password, and they will have to choose a new one. It is a good idea to make it clear what a password must include avoiding frustration.
