WordPress Password Security Updates for iThemes Security

The latest version of our WordPress security plugin, iThemes Security, includes a new streamlined WordPress login screen when the Strong Password Enforcement and WordPress Password Expiration settings are enabled. With this update, users can now easily generate a strong password from the WordPress admin login screen once their password expires.

Avatar photo
SolidWP Editorial Team
The latest version of our WordPress security plugin, iThemes Security, includes a new streamlined WordPress login screen when the Strong Password Enforcement and WordPress Password Expiration settings are enabled. With this update, users can now easily generate a strong password from the WordPress admin login screen once their password expires. wordpress password settings
To take advantage of this update, you’ll need iThemes Security Pro (v. 4.0). Current iThemes Security Pro, Plugin Suite and Toolkit customers will find the 4.0 update available for licensed sites or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.

WordPress Password Settings in iThemes Security

Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro includes two password-specific settings to help increase the security of your user’s passwords:
  1. Strong Password Enforcement
  2. WordPress Password Expiration
iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greater WordPress password security.

Strong Password Enforcement

iThemes Security’s Strong Password Enforcement setting forces users to use strong passwords as rated by the WordPress password meter. After enabling this setting, you can select the minimum role at which a user must choose a strong password.
Note: If your site invites public registrations setting the role too low may annoy your members.

WordPress Password Expiration pro

With iThemes Security Pro’s WordPress Password Expiration setting, you can strengthen passwords used on your site with automated password expiration. After enabling this setting, you can select the minimum role for password expiration, force password change on the next login and set the maximum password age (in days).
Note: We suggest enabling this setting for all users, but it may lead to users forgetting their passwords.

A Streamlined WordPress Login Screen For Expired Passwords

Password requirements like strength, age or a forced change, are now enforced when the user logs in. Users will now be prompted with a reason indicating why the password change is required and presented with a form to update their password. Users can then generate a strong password and update their password from this screen. wordpress password settings

A Recap of All the WordPress Security Settings in iThemes Security Pro

In addition to WordPress password security, the iThemes Security plugin includes additional settings designed to harden your WordPress site.
Setting Description
Security Check A one-click “secure site” button that ensures your site is using the recommended features and settings.
Global Settings Automatically blocks users snooping around for pages to exploit.
Admin User An advanced tool that removes users with a username of “admin” or a user ID of “1”.
Away Mode Disables access to the WordPress Dashboard on a schedule.
Banned Users Blocks specific IP addresses and user agents from accessing the site.
Change Content Directory An advanced feature to rename the wp-content directory to a different name.
Change Database Table Prefix Changes the database table prefix that WordPress uses.
Local Brute Force Protection Protects your site against attackers that try to randomly guess login details to your site.
Database Backups Creates backups of your site’s database. The backups can be created manually and on a schedule.
File Change Detection Monitors the site for unexpected file changes.
Hide Backend Hides the WordPress login page by changing its name and preventing access to wp-login.php and wp-admin.
File Permissions Lists file and directory permissions of key areas of the site.
Network Brute Force Protection Join a network of sites that reports and protects against bad actors on the internet.
Server Config Rules If you need to manually add the server config rules generated by iThemes Security to your server, you can find them here.
SSL Configures use of SSL to ensure that communications between browsers and the server are secure.
Strong Password Enforcement Forces users to use strong passwords as rated by the WordPress password meter.
System Tweaks Advanced settings that improve security by changing the server config for this site.
WordPress Tweaks Advanced settings that improve security by changing default WordPress behavior.
WordPress Salts Updates the secret keys WordPress uses to increase the security of your site.
wp-config.php Rules If you need to manually add the wp-config.php rules generated by iThemes Security to your server, you can find them here.
Malware Scan Scheduling
PRO
Protects your site with automated malware scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users.
Privilege Escalation
PRO
Allows administrators to temporarily grant extra access to a user of the site for a specified period of time.
Password Expiration
PRO
Strengthens the passwords on the site with automated password expiration.
reCAPTCHA
PRO
Protects your site from bots by verifying that the person submitting comments or logging in is indeed human.
Settings Import and Export
PRO
Export your settings as a backup or to import on other sites for quicker setup.
Two-Factor Authentication
PRO
Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
User Logging
PRO
Logs user actions such as login, saving content and others.
Version Management
PRO
Protects your site when outdated software is not updated quickly enough.
User Security Check
PRO
Every user on your site affects overall security. See how your users might be affecting your security and take action when needed.

Get iThemes Security Pro Now with 30+ Ways to Secure Your WordPress Website

iThemes Security, our WordPress security plugin, includes 30+ ways to protect your WordPress website, including enhanced WordPress password security, WordPress two-factor authentication, WordPress brute force protection and more.

Get iThemes Security Pro

Did you like this article? Spread the word: