Why Force Strong Password on WordPress Users?
When you have a WordPress website on which any user can register, you can make it a vibrant and diverse community fairly quickly. However, this also brings a security problem with it. When users can set their own passwords, there is a high probability that some of them will set a weak one. If a hacker gets hold of this weak password, he/she can take over your complete site in just a few minutes. This can cause great havoc to your online community, with even a possibility that you may not be able to revive it. Since you cannot rely on users to set strong passwords by themselves, it is better to force strong passwords on WordPress users.
According to a study conducted by Centrify last year, hacked passwords are the reason behind 81% of all data breaches online. They even have a guide on how you yourself (and even your grandma) can hack weak passwords. If hacking a weak password is something you can do yourself, a professional hacker can do damage that is almost irreparable.
After checking out the scary statistics, you might be wondering how you can request all your site users to set strong passwords for their accounts. The honest answer is that you can’t. However, you can force strong passwords on WordPress users through the user registration form itself. And the best tool you can have to create secure user registration forms on WordPress is RegistrationMagic.
Set Password Rules with RegistrationMagic
RegistrationMagic prevents users from setting weak passwords by employing its “Password Rules” feature. “Password Rules” can be found in RegistrationMagic’s “Global Settings”. Install RegistrationMagic on your WordPress site and visit its “Global Settings”.
You’ll then see multiple divisions of “Global Settings”, one of which is “Security”. Click on it and you’ll see the global security settings for RegistrationMagic forms.
It is here that you’ll find the “Enable Password Rules” checkbox. Enable this setting and a list of all “Password Rules” will appear.
There are 5 “Password Rules” and we’ll explore each one of them now.
Must contain an uppercase letter
The “Must contain an uppercase letter” rule ensures that the user enters at least one uppercase letter in his/her password. This increases the variation among characters in the password. How much variation there is in your password determines how secure it is.
Must contain a number
The “Must contain a number” rule ensures that the user puts at least one number in the password. This is again a method of adding variation to the password.
Must contain a special character
The “Must contain a special character” rule ensures that the user puts at least one special character in the password. Special characters are the characters on your keyboard which are neither a letter nor a number. OWASP has a complete list of special characters if you need to know what these are.
Minimum length & Maximum length
Then there are the “Minimum length” and “Maximum length” password rules. These rules make sure that the password the user chooses is no shorter than the “Minimum length” and no longer than the “Maximum length”. A password should be at least 10 characters long to be considered a strong password. The longer the password, the safer it is.
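The five rules above, written as a check that could run on every submitted password. This is an added example, not RegistrationMagic's code: the function names, the 64-character maximum and the small sample denylist are assumptions made for illustration. It goes one step beyond the five rules with a common-password check, because a password such as "Password1!" satisfies all of them.

```javascript
// Added example; names and defaults are assumptions, not the plugin's own code.
const DEFAULT_RULES = {
  requireUppercase: true,
  requireNumber: true,
  requireSpecial: true,
  minLength: 10, // the minimum the article recommends
  maxLength: 64, // assumed value; the article gives no maximum
};

// Constructed sample denylist; a real deployment would load a far larger list.
const COMMON_PASSWORDS = new Set(["password1!", "qwerty12345!", "welcome2018!"]);

// Returns the names of the rules the password violates (empty array = passes).
function checkPassword(password, rules = DEFAULT_RULES) {
  const failures = [];
  // Count code points, not UTF-16 units, so an emoji counts as one character.
  const length = [...password].length;

  if (rules.requireUppercase && !/\p{Lu}/u.test(password)) failures.push("uppercase");
  if (rules.requireNumber && !/\p{Nd}/u.test(password)) failures.push("number");
  // "Special" as the article defines it: neither a letter nor a number.
  if (rules.requireSpecial && !/[^\p{L}\p{N}]/u.test(password)) failures.push("special");
  if (length < rules.minLength) failures.push("minLength");
  if (length > rules.maxLength) failures.push("maxLength");
  return failures;
}

// Extra check beyond the five rules: reject known-common passwords.
function isCommonPassword(password) {
  return COMMON_PASSWORDS.has(password.toLowerCase());
}

// Combines both checks into a single accept/reject decision.
function evaluate(password, rules = DEFAULT_RULES) {
  const failures = checkPassword(password, rules);
  if (failures.length === 0 && isCommonPassword(password)) failures.push("common");
  return { accepted: failures.length === 0, failures };
}
```

A strength meter in the browser only guides the user; the same check has to run on the server when the form is submitted, since client-side validation can be bypassed.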
Password Rules on User Registration Form
Now, let’s see these rules in action on our user registration form.
As soon as I start entering the password, a bar and text below the password field keep me updated on whether it is weak or strong. When I add only lowercase letters, it tells me that the password is ‘Weak’.
When I increase its length and add uppercase and numerical characters, it tells me that the password is ‘Medium’ strength.
Now, when I add some special characters into the mix, the form tells me that my password is ‘Strong’. Also, the bar below the field is now totally green, telling me that this password is safe for use.
I hope this tutorial covered everything you needed to know on how to force strong password on WordPress users. If you still have any questions, feel free to write in the comments section below. Our support team will get in touch with you immediately.
For more tutorials on how to work with RegistrationMagic’s amazing user management tools, stay tuned to our Blog.