How to Force Strong Password on WordPress Users

Why Force Strong Password on WordPress Users?

When you have a WordPress website on which any user can register, you can make it a vibrant and diverse community fairly quickly. However, this also brings a security problem with it. When any user can set their own password, there is a high probability that some users will set a weak one. If a hacker gets hold of this weak password, he/she can take over your complete site in just a few minutes. This can cause great havoc in your online community, possibly to the point that you may not be able to revive it. Since you cannot rely on users to set strong passwords by themselves, it is better to force strong passwords on WordPress users.

According to a study conducted by Centrify last year, hacked passwords are the reason behind 81% of all data breaches online. They even have a guide on how you yourself (and even your grandma) can hack weak passwords. If hacking a weak password is something you can do yourself, a professional hacker can do the kind of damage that’ll be almost irreparable.

After checking out the scary statistics, you might be wondering how you can request all your site users to set strong passwords for their accounts. The honest answer is that you can’t. However, you can force strong passwords on WordPress users through the user registration form itself. And the best tool you can have to create secure user registration forms on WordPress is RegistrationMagic.

Set Password Rules with RegistrationMagic

RegistrationMagic prevents users from setting weak passwords by employing its “Password Rules” feature. “Password Rules” can be found in RegistrationMagic’s “Global Settings”. Install RegistrationMagic on your WordPress site and visit its “Global Settings”.

[Screenshot: Global Settings menu]

You’ll then see multiple divisions of “Global Settings”, one of which is “Security”. Click on it and you’ll see the global security settings for RegistrationMagic forms.

[Screenshot: Global Settings screen]

It is here that you’ll find the “Enable Password Rules” checkbox. Enable this setting and a list of all “Password Rules” will appear.

[Screenshot: password rule settings]

There are 5 “Password Rules” and we’ll explore each one of them now.

Must contain an uppercase letter

The “Must contain an uppercase letter” rule ensures that the user enters at least one uppercase letter in his/her password. This increases the variation among characters in the password. The amount of variation in your password determines how secure the password is.

Must contain a number

The “Must contain a number” rule ensures that the user puts in at least one number in the password. This is again a method of adding variation to the password.

Must contain a special character

The “Must contain a special character” rule ensures that the user puts in at least one special character in the password. Special characters are the characters on your keyboard which are neither a letter nor a number. OWASP has a complete list of special characters if you need to know what these are.

Minimum length & Maximum length

Then there are the “Minimum length” and “Maximum length” password rules. These rules make sure that the password the user chooses is neither shorter than the “Minimum length” nor longer than the “Maximum length”. A password should at least be 10 characters long to be considered a strong password. The longer the password, the safer it is.
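To make the five rules concrete, here is an added example (not RegistrationMagic's own code) that checks a password against them and reports which rules fail. The option names and the maximum length of 64 are assumptions made for the example; the minimum of 10 comes from the recommendation above.

```javascript
// Added example: checks a password against the five rules described above.
// Option names (requireUpper, minLength, ...) are hypothetical, not the plugin's.
const DEFAULT_RULES = {
  requireUpper: true,
  requireNumber: true,
  requireSpecial: true,
  minLength: 10, // the article's suggested minimum
  maxLength: 64, // constructed value for the example
};

function checkPasswordRules(password, rules = DEFAULT_RULES) {
  const failures = [];
  // Count code points, so an emoji or other astral character counts once.
  const chars = Array.from(password);

  if (rules.requireUpper && !/\p{Lu}/u.test(password)) {
    failures.push('uppercase');
  }
  if (rules.requireNumber && !/\p{Nd}/u.test(password)) {
    failures.push('number');
  }
  // "Special" follows the article: any character that is neither a letter nor a number.
  if (rules.requireSpecial && !chars.some((c) => !/[\p{L}\p{N}]/u.test(c))) {
    failures.push('special');
  }
  if (chars.length < rules.minLength) failures.push('minLength');
  if (chars.length > rules.maxLength) failures.push('maxLength');
  return failures; // an empty array means every enabled rule passed
}

// Constructed sample inputs.
for (const pw of ['sunshine', 'Sunshine2024', 'Sunny-Day#2024']) {
  const failed = checkPasswordRules(pw);
  console.log(pw, failed.length ? `rejected: ${failed.join(', ')}` : 'accepted');
}
```

A check like this in the browser only gives the user feedback; the same rules also have to be applied where the submitted form is processed.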

Password Rules on User Registration Form

Now, let’s see these rules in action on our user registration form.

As soon as I start entering the password, a bar and text below the password field keep me updated on whether it is weak or strong. When I add only lowercase letters, it tells me that the password is ‘Weak’.

[Screenshot: weak password]

When I increase its length and add uppercase and numerical characters, it tells me that the password is ‘Medium’ strength.

[Screenshot: medium password]

Now, when I add some special characters into the mix, the form tells me that my password is ‘Strong’. Also, the bar below the field is now totally green, telling me that this password is safe for use.

[Screenshot: strong password]


I hope this tutorial covered everything you needed to know on how to force strong password on WordPress users. If you still have any questions, feel free to write in the comments section below. Our support team will get in touch with you immediately.

For more tutorials on how to work with RegistrationMagic’s amazing user management tools, stay tuned to our Blog.

About rmagic

RegistrationMagic Editorial Staff (rmagic) is a team of WordPress registration experts and major contributor to the development of RegistrationMagic - WordPress User Registration Plugin.
