While you can try to make your website as safe as possible with security plugins, they will all be meaningless if your visitors select a weak password. However, did you know that you can force strong passwords in WordPress?
A strong password makes it harder for a hacker to use brute force attacks to gain access to an account. On top of this, a visitor cannot select a common password like 123456, which can be easily guessed by anyone.
Today, I will demonstrate how to force strong passwords in WordPress with the No Weak Password plugin.
Why A Strong Password Is Vital
Account theft is a serious problem in 2019. Unfortunately, a lot of these cases are not the website or platform’s fault, but the visitor themselves. Selecting a weak password makes it easy for hackers to get into your account. However, hackers are not your only concern.
Angry siblings, nosey parents or friends, and plenty of other situations can lead someone to try and enter your account. When you select a password, you need to make sure it is strong and does not include your information.
For example, one of the more infamous passwords or codes is using your birthday. With social media platforms like Facebook, this information can be viewed publicly, which makes it a terrible choice.
Instead, you want a password that contains upper and lower case letters, numbers, and symbols. The longer the better.
It is also imperative that every password you use is unique. If one account is compromised, you do not want a domino effect to occur.
Thus, your passwords need to be strong and unique.
Installing No Weak Passwords
The No Weak Passwords plugin will force visitors to select a strong password in WordPress. On top of this, it ensures that a visitor cannot select a common password that is easy to guess.
To begin, click on Plugins and select the Add New option on the left-hand admin panel.
Search for No Weak Passwords in the available search box. This will pull up additional plugins that you may find helpful.
Scroll down until you find the No Weak Passwords plugin and click on the “Install Now” button and activate the plugin for use.
What a Visitor Will See
When a visitor tries to enter a new password that is on the list of common phrases, they will see this error message:
[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]ERROR: Your password exists on a list of known easy-to-guess passwords, and hence was forbidden.[/ht_message]
The password they entered will not be set as the new password, and they will have to enter a new one. It is a good idea to make it clear what a password must include to avoid frustration.
That’s It
Unlike the vast majority of WordPress plugins, there are no additional settings to configure. Although, there is a settings page with some useful information.
On the left-hand admin panel, click on Settings and select the No Weak Passwords option.
All you will find on the settings page is a list of other plugins you may find useful and a short FAQ. This will answer some basic questions about the plugin.
As long as the plugin is active, visitors will not be able to select a common password. The plugin determines what a common plugin is by following its pre-defined list. Any password found on this list cannot be used on your website.
However, this will not force visitors to change their password, which means that if they already have a weak password in place, this will not solve the problem.
To deal with this situation, you will need to force visitors to change their password.
Keep Passwords Secure
Unfortunately, because WordPress allows weak passwords, visitors are likely to pick one. Instead, forcing WordPress to only accept strong password requirements is a great way to boost your website’s security.
Here is the bad news if an account on your website is compromised, the user will always blame your website. This includes the individuals who pick 123456 as a password. By preventing this behavior, you are protecting your website.
Do you think the list of common passwords is large enough? Should WordPress only accept strong passwords?