Best Plugins For Enforcing Strong User Passwords In WordPress

WordPress user profile includes a JavaScript-powered indicator which only tell you the strength of a password being entered. However, there is no other feature included for stopping users to enter weak passwords. This post is about two simple WordPress plugins you can use for enforcing string passwords. Both plugin are a little bit different from each other in their features.


Enforce Strong Password

The plugin forces all your WordPress site users to keep a strong password at the time they are changing it from their profile page. It displays and error message if a user enters a weak password. The plugin uses the same algorithm to determine password strength as WordPress.

In a WordPress multisite network, network admin can define required password strength from Network Admin Dashboard -> Settings -> Enforce Strong Passwords. Where as on single site it’s admin has this capability from Dashboard -> Settings -> Enforce Strong Passwords page.

Force Strong Passwords

The plugin forces your WordPress site users to enter something strong while they are updating their passwords. It duplicates WP JavaScript password strength check in PHP and forces your users with executive powers to use a strong password.

Strong passwords are enforced for all users who have any of a specified array of capabilities. Default list is: publish_postsupload_filesedit_published_posts (view Roles and Capabilities). If the user whose password is being edited holds any of these capabilities, the strong password enforcement will be triggered. You can customize this list using the slt_fsp_caps_check filter, visit this plugin’s page for more info on its filters.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.