WordPress Security

Solid Security Pro Feature Spotlight – Password Requirements

In the Feature Spotlight posts, we are going to highlight a feature in Solid Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are shining the spotlight on the Password Requirements feature in Solid Security Pro, which is a great tool to secure your WordPress login.

SolidWP Editorial Team

Why We Developed Password Requirements

We know how hard it can be to get people to follow security best practices. A strong password is an essential part of your WordPress login security. Let’s talk about some of the common password pitfalls that can put your website at risk.

1. Weak passwords are still too common.

According to NordPass, the most common password included in all data dumps was 123456. A data dump is a hacked database filled with user passwords dumped somewhere on the internet. Can you imagine how many people on your website are using a weak password if 123456 is the most common password in data dumps?

2. The WordPress login is the most attacked part of your website.

The WordPress login is the most attacked part of a WordPress website, and using a weak password is like trying to lock your front door with a piece of tape. By default, the WordPress login URL is the same for every WordPress site, and it doesn’t require any special permissions to access. That’s why the WordPress login page is the most attacked—and potentially vulnerable—part of any WordPress site.

3. An 8-character password can be cracked instantly.

It has never taken long for a hacker to brute force their way past a weak password into a website. Now that hackers are leveraging computer graphics cards in their attacks, the time it takes to crack a password has never been lower.

According to Tech.co, an 8-character password can be cracked in seconds.

Note: Learn how two-factor authentication can help secure your WordPress login from this type of attack.

4. Too many people are reusing compromised passwords.

Another thing to keep in mind when it comes to password security is that you need a different strong password for each of your online accounts. If you use the same password for every site and one of those sites is compromised, you are now using a compromised password on every website. Hackers can use data dumps of compromised passwords paired with your email address or username to gain access to your accounts. It’s best not to even take the risk.

Even though 91% of people know reusing passwords is poor practice, 66% of people still use the same password or a variation of it. Many of these people are still using passwords that they know have appeared in a database dump.

Hackers use a form of brute force attack called a dictionary attack. A dictionary attack is a method of breaking into a WordPress website by trying commonly used passwords that have appeared in database dumps. The “Collection #1” data breach that was hosted on MEGA included 1,160,253,228 unique combinations of email addresses and passwords. A haul of that size makes it easy for a dictionary attack to zero in on the most commonly used WordPress passwords.

As you can see, having a password policy is an essential part of your WordPress security strategy. However great your password policy is, it isn’t worth anything if your administrators and editors aren’t following the guidelines.

What Are Password Requirements in Solid Security Pro?

The Password Requirements feature in Solid Security Pro is not only your password policy but also your enforcement tool. You can force members of a user group to use a strong password, set a password expiration period, refuse compromised passwords, and force a site-wide password change so that everyone complies with your new strong password policy.

  • Force Strong Passwords – Force a set of users to use a strong password.
  • Password Expiration – Set the maximum number of days a password can be used before it is expired.
  • Refuse Compromised Passwords – Force users to use passwords that have not appeared in any password breaches tracked by Have I Been Pwned.
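As an added example (not the plugin's own code), the following Python shows how the three requirements above can be evaluated, including the k-anonymity lookup that Have I Been Pwned's Pwned Passwords range API uses: only the first five hex characters of the password's SHA-1 hash are sent, and the full hash is matched locally against the returned suffixes. The range response is a constructed offline stand-in for the real HTTP call, and the strength rule is a simple assumption rather than the plugin's own strength meter.

```python
import hashlib
from datetime import date, timedelta

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the Pwned Passwords API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for the HIBP range endpoint (https://api.pwnedpasswords.com/range/<prefix>).
# The real service answers with every 35-char hash suffix that shares the 5-char prefix,
# one per line as SUFFIX:COUNT. The suffixes below are real SHA-1 suffixes of two common
# passwords; the counts and the filler neighbour line are made up for this example.
_BREACHED = {"123456": 1_000_000, "password": 250_000}
_FAKE_RANGES = {}
for _pw, _count in _BREACHED.items():
    _h = sha1_hex(_pw)
    _FAKE_RANGES.setdefault(_h[:5], []).append(f"{_h[5:]}:{_count}")
_FAKE_RANGES[sha1_hex("123456")[:5]].append("0" * 35 + ":3")  # constructed neighbour hash

def fake_fetch_range(prefix: str) -> str:
    """Offline replacement for an HTTP GET of the range endpoint."""
    return "\n".join(_FAKE_RANGES.get(prefix, []))

def breach_count(password: str, fetch_range=fake_fetch_range) -> int:
    """k-anonymity lookup: only the 5-char prefix leaves the site; the 35-char suffix is
    compared locally. Returns how often the password appeared in breaches (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        found, _, count = line.strip().partition(":")
        if found == suffix:
            return int(count or 0)
    return 0

def password_violations(password: str, last_changed: date, today: date,
                        max_age_days: int = 120, min_length: int = 12) -> list:
    """Apply the three requirements: strength, not compromised, not expired.
    The strength rule (length plus lower/upper/digit classes) is an assumption."""
    problems = []
    classes = sum(any(f(c) for c in password) for f in (str.islower, str.isupper, str.isdigit))
    if len(password) < min_length or classes < 3:
        problems.append("weak")
    if breach_count(password) > 0:
        problems.append("compromised")
    if today - last_changed > timedelta(days=max_age_days):
        problems.append("expired")
    return problems
```

In production, `fetch_range` would perform the HTTPS request to the range endpoint and the result could be logged per user so administrators can see who was blocked by a breached password rather than a weak one.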

According to the Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. But the most important stat from the report is that 81% of hacking-related breaches leveraged either stolen or weak passwords. The Solid Security Pro Password Requirements will help secure your WordPress login against all the password pitfalls mentioned in this post.

Plus, you get the added bonus of enforcing your password policy with a click of a button. As humans, we are hardwired to take the path of least resistance. By removing the option to use weak or compromised passwords, you are helping everyone protect their accounts.

How to Use Password Requirements in Solid Security Pro

To get started with your new password policy, navigate to the User Group settings and click Edit Multiple User Groups.

Now select the User Groups for which you want to enforce a password policy, check all of the boxes in the Password Requirements section, and then click the Save button.

One quick note on password expiration: There are some people in the security community who think we should abandon the password expiration policy. They say that if you are using a unique and strong password, no amount of time will make your password weaker.

We recommend enabling the compromised-password check for all the users on your website. It is completely understandable, and encouraged, to make creating a new customer account as easy as possible. However, your customer may not know that the password they are using has been found in a data dump. You would be doing your customer a great service by alerting them to the fact that the password they are using has been compromised. If they are using that password everywhere, you could save them from some major headaches down the road.

And finally, navigate to the security dashboard and click the Force Password Change button on the User Security Profiles card. Now, all users will be forced to create a new password that complies with your new password policy the next time they log in.

Wrapping Up

Your WordPress login is the most attacked part of your website, and a strong password is your first line of defense. The Password Requirements feature in Solid Security Pro makes it easy for you to create and enforce a password policy to secure and protect your WordPress login.