How to Force Strong Passwords on WordPress Users

Why Force Strong Passwords on WordPress Users?

If you force strong passwords on your site's users, you make sure that their accounts are safe. This, in turn, keeps your site secure from spam and fraudulent activity.

When you have a WordPress site on which any user can register, you can make it a vibrant and diverse community fairly quickly. However, this also brings a security problem with it. When users can set their own passwords, there is a high probability that some of them will set a weak one. If a hacker gets hold of this weak password, he/she can take over your complete site in just a few minutes. This can cause great havoc to your online community, with even a possibility that you may not be able to revive it. Since you cannot rely on users to set strong passwords by themselves, it is better to force strong passwords on WordPress users.

According to a study conducted by Centrify last year, hacked passwords are the reason behind 81% of all data breaches online. They even have a guide on how you yourself (and even your grandma) can hack weak passwords. If hacking a weak password is something you can do yourself, a professional hacker can do the kind of damage that’ll be almost irreparable.

After checking out the scary statistics, you might be wondering how you can request all your site users to set strong passwords for their accounts. The honest answer is that you can’t. However, you can force strong passwords on WordPress users through the user registration form itself. And the best tool you can have to create secure user registration forms on WordPress is RegistrationMagic.

Set Password Rules with RegistrationMagic

RegistrationMagic prevents users from setting weak passwords by employing its “Password Rules” feature. You can find “Password Rules” in RegistrationMagic’s “Global Settings” section. Install the RegistrationMagic plugin on your WordPress site and visit its “Global Settings” link.

[Screenshot: Global Settings menu]

You will then see multiple headers under “Global Settings”, one of which is “Security”. Click on it and you will find everything you need to take care of your WordPress form security. These are the global security settings for RegistrationMagic forms. The settings that you apply here apply to all the forms on your site, not to any one form.

[Screenshot: Global Settings screen]

It is here that you will find the “Enable Password Rules” checkbox. Enable this setting and a list of all “Password Rules” will appear.

[Screenshot: password rule settings]

There are 5 “Password Rules” and we will explore each one of them now.

Must contain an uppercase letter

The “Must contain an uppercase letter” rule ensures that the user enters at least one uppercase letter in his/her password. This increases the variation among characters in the password. How much variation there is in your password determines how secure the password is.

Must contain a number

The “Must contain a number” rule ensures that the user puts at least one number in the password. This is again a method of adding variation to the password.

Must contain a special character

The “Must contain a special character” rule ensures that the user puts at least one special character in the password. Special characters are the characters on your keyboard which are neither a letter nor a number. OWASP has a complete list of special characters if you need to know what these are.

Minimum length & Maximum length

Then there are the “Minimum length” and “Maximum length” password rules. These rules make sure that the password the user chooses is no shorter than the “Minimum length” and no longer than the “Maximum length”. A password should be at least 10 characters long to be considered a strong password. The longer the password, the safer it is.
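The five rules above can be expressed as one policy check that reports which rules a password fails. This is an added example, not RegistrationMagic's code: the policy object, the rule names and the maximum length of 64 are assumptions, and the special-character set is OWASP's list of password special characters.

```javascript
// Added example: the five "Password Rules" as a single policy check.
// Field names and rule names are hypothetical, not the plugin's own.

// OWASP's password special characters (the space is included).
const OWASP_SPECIALS = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';

const defaultPolicy = {
  requireUppercase: true,
  requireNumber: true,
  requireSpecial: true,
  minLength: 10, // the minimum this article recommends
  maxLength: 64, // constructed value; the article gives no maximum
};

function checkPassword(password, policy = defaultPolicy) {
  // A misconfigured policy would reject every password, so fail loudly.
  if (policy.minLength > policy.maxLength) {
    throw new RangeError('minLength must not exceed maxLength');
  }
  // Count code points, not UTF-16 units, so an emoji is one character.
  const chars = Array.from(password);
  const failed = [];
  if (policy.requireUppercase && !chars.some(c => /\p{Lu}/u.test(c))) {
    failed.push('uppercase');
  }
  if (policy.requireNumber && !chars.some(c => /[0-9]/.test(c))) {
    failed.push('number');
  }
  if (policy.requireSpecial && !chars.some(c => OWASP_SPECIALS.includes(c))) {
    failed.push('special');
  }
  if (chars.length < policy.minLength) failed.push('minLength');
  if (chars.length > policy.maxLength) failed.push('maxLength');
  return { ok: failed.length === 0, failed };
}

// Constructed sample passwords: lowercase only, then with uppercase and
// digits, then with a special character added.
for (const pw of ['sunflower', 'Sunflower2024', 'Sunflower#2024']) {
  console.log(pw, checkPassword(pw));
}
```

A check like this in the browser only gives the user feedback; the copy that enforces the rules has to run where the registration is processed.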

Password Rules on User Registration Form

Now, let’s see these rules in action on our user registration form.

As soon as I start entering the password, a bar and text below the password field keep me updated on whether it is weak or strong. When I add only lowercase letters, it tells me that the password is ‘Weak’.

[Screenshot: weak password]

When I increase its length and add uppercase and numerical characters, it tells me that the password is ‘Medium’ strength.

[Screenshot: medium password]

Now, when I add some special characters to the mix, the form tells me that my password is ‘Strong’. Also, the bar below the field is now totally green, telling me that this password is safe for use. This is how you can force strong passwords on your users to make their accounts secure.

So, the best example of a strong password is one which is 10 characters long and has a mix of numbers, special characters, and lowercase and uppercase letters.

[Screenshot: strong password]

Tip: To make sure a user is an authentic one, RegistrationMagic offers you more smart tools. You can send a registration token number via email to your users. This way you can also verify your user’s email address.

One Plugin Many Uses

There are many other measures that you can take to secure your form and make it look professional. This WordPress registration page builder plugin offers various fields and widgets to add to your form, so that you can add products, prices, timers, extra space, etc. to it.

Being able to force strong passwords on your users already gives your site a security check. Now you are free to take on as many users as you want to create your own blogging site or online store.

I hope this tutorial covered everything you needed to know on how to force strong passwords on WordPress users. If you still have any questions, feel free to write in the comments section below. Our support team will get in touch with you immediately.

For more tutorials on how to work with RegistrationMagic’s amazing user management tools, stay tuned to our Blogs.
