The latest version of our WordPress security plugin, iThemes Security, includes a new streamlined WordPress login screen when the Strong Password Enforcement and WordPress Password Expiration settings are enabled. With this update, users can now easily generate a strong password from the WordPress admin login screen once their password expires.
WordPress Password Settings in iThemes Security
Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro includes two password-specific settings to help increase the security of your user’s passwords:
- Strong Password Enforcement
- WordPress Password Expiration
iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greater WordPress password security.
Strong Password Enforcement
iThemes Security’s Strong Password Enforcement setting forces users to use strong passwords as rated by the WordPress password meter. After enabling this setting, you can select the minimum role at which a user must choose a strong password.
WordPress Password Expiration pro
With iThemes Security Pro’s WordPress Password Expiration setting, you can strengthen passwords used on your site with automated password expiration. After enabling this setting, you can select the minimum role for password expiration, force password change on the next login and set the maximum password age (in days).
A Streamlined WordPress Login Screen For Expired Passwords
Password requirements like strength, age or a forced change, are now enforced when the user logs in. Users will now be prompted with a reason indicating why the password change is required and presented with a form to update their password. Users can then generate a strong password and update their password from this screen.
A Recap of All the WordPress Security Settings in iThemes Security Pro
In addition to WordPress password security, the iThemes Security plugin includes additional settings designed to harden your WordPress site.
|Security Check||A one-click “secure site” button that ensures your site is using the recommended features and settings.|
|Global Settings||Automatically blocks users snooping around for pages to exploit.|
|Admin User||An advanced tool that removes users with a username of “admin” or a user ID of “1”.|
|Away Mode||Disables access to the WordPress Dashboard on a schedule.|
|Banned Users||Blocks specific IP addresses and user agents from accessing the site.|
|Change Content Directory||An advanced feature to rename the wp-content directory to a different name.|
|Change Database Table Prefix||Changes the database table prefix that WordPress uses.|
|Local Brute Force Protection||Protects your site against attackers that try to randomly guess login details to your site.|
|Database Backups||Creates backups of your site’s database. The backups can be created manually and on a schedule.|
|File Change Detection||Monitors the site for unexpected file changes.|
|Hide Backend||Hides the WordPress login page by changing its name and preventing access to wp-login.php and wp-admin.|
|File Permissions||Lists file and directory permissions of key areas of the site.|
|Network Brute Force Protection||Join a network of sites that reports and protects against bad actors on the internet.|
|Server Config Rules||If you need to manually add the server config rules generated by iThemes Security to your server, you can find them here.|
|SSL||Configures use of SSL to ensure that communications between browsers and the server are secure.|
|Strong Password Enforcement||Forces users to use strong passwords as rated by the WordPress password meter.|
|System Tweaks||Advanced settings that improve security by changing the server config for this site.|
|WordPress Tweaks||Advanced settings that improve security by changing default WordPress behavior.|
|WordPress Salts||Updates the secret keys WordPress uses to increase the security of your site.|
|wp-config.php Rules||If you need to manually add the wp-config.php rules generated by iThemes Security to your server, you can find them here.|
|Malware Scan Scheduling
|Protects your site with automated malware scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users.|
|Allows administrators to temporarily grant extra access to a user of the site for a specified period of time.|
|Strengthens the passwords on the site with automated password expiration.|
|Protects your site from bots by verifying that the person submitting comments or logging in is indeed human.|
|Settings Import and Export
|Export your settings as a backup or to import on other sites for quicker setup.|
|Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.|
|Logs user actions such as login, saving content and others.|
|Protects your site when outdated software is not updated quickly enough.|
|User Security Check
|Every user on your site affects overall security. See how your users might be affecting your security and take action when needed.|
Get iThemes Security Pro Now with 30+ Ways to Secure Your WordPress Website
iThemes Security, our WordPress security plugin, includes 30+ ways to protect your WordPress website, including enhanced WordPress password security, WordPress two-factor authentication, WordPress brute force protection and more.