Everyone knows that passwords are a critical component of a solid WordPress security strategy. Today, we’re making it easier for you to enforce strong passwords, making your sites more secure.
Enforcing Strong Passwords
Now you can let iThemes Security generate strong passwords for your users with just a few clicks. From your iThemes Security Pro Dashboard, under the Pro tab click Enable WordPress Password Enforcement. This setting forces new users to use a strong password.
Once you’ve enabled Strong Password Generation and set the minimum role, you can also choose the base character length of the passwords that will be generated.
WordPress recommends 50 characters to ensure the password will be measured as strong by the WordPress password meter. But we know that 50 characters is not always a user’s preference, so we built in the ability to choose the number of characters in the generated password.
Please note: This is the base number of characters for a generated password. The plugin will randomly generate a password starting from the length you designate and may add up to 10 characters.
Users can now generate a strong password from their Profile page in the WP Dashboard.
Set Password Expiration
You can now allow user passwords to expire, forcing new password creation and increased security for your WP sites. Click Enable password expiration from your iThemes Security Pro Dashboard, under the Pro tab.
Once you’ve enabled password expiration, you will see where you can set the minimum role for passwords to expire. You can also choose to force a periodic password change and even set the number of days a password can be in use before requiring a new one.
It’s a best practice to change passwords every 120 days, or 4 months.
Secure Your WP Sites Now
See the 30+ ways iThemes Security protects your WP sites. Pro users can take advantage of features like ticketed support, Malware Scanning and now Strong Password Generation and Password Expiration.