Setting Up a Strong Password Policy for WordPress: 6 Plugins


Currently trending WordPress plugins

Many new webmasters I know choose passwords that are too easy to guess and don’t even remember who they have shared their passwords with. Running your website that way is disastrous and could come back to bite you in the future. As a webmaster, you need to enforce a strong password policy and make sure you don’t share your passwords with just anyone. Here are 6 ways to set up a safe password policy for your website:

Enforce strong passwords: as a webmaster, you should not have a weak password. You also should not allow your members to have weak passwords. These plugins help you enforce strong passwords across your site.

Expire passwords every few months: just because hackers have not guessed your password yet, does not mean they won’t in the future. You should reset all your passwords every few months just to be on the safe side.

Setup emergency password reset rules: this is another no brainer. If your site gets hacked, you should reset all passwords and log everyone out immediately.

Protect your login page by IP: you don’t want strangers playing around with your login page, do you? Just restrict login access to everyone but admins by IP.


Take advantage of 2-way authentication to protect accounts: those of you who are active on Google+ or Twitter are probably using this option already. You can also enable it for WordPress accounts.

Try a secure mobile login: many of us take our mobile phones everywhere. Why not use these devices to sign-in safely? Do yourself a favor and use a secure mobile login solution to avoid compromising your site’s defenses against hackers.

Use one time passwords in public: want to access your website using a public wireless network or a public computer? One-time passwords are the way to go.

Choosing a strong password for your website does not make it protected against all hack attacks. But why take a chance and leave your site open to more attacks?

More WordPress reading: