In this video, I'm going to show you how you to enforce strong passwords in your WordPress site.
Weak passwords are probably the number one way your site is gonna get hacked, and you've no control of that once you hand that account over to a user.
Well not anymore. Let's go.
"Hi and welcome to OSTips from OSTraining. I'm Rod Martin.
So you know the problem:
- We create a new user.
- We make them an administrator.
- WordPress assigns them a really strong password.
- WordPress allows them to change it.
If I say abc123, well that's a pretty weak password, but WordPress will allow me, as you know, to confirm the use of that weak password! So how do we fix this?
Well, there's a plug-in for that. I'm gonna:
- head over to plugins
- add new
- search for "force strong passwords"
And here's the four strong passwords plug-ins by Jason Kasper, who has a great reputation in the WordPress community. The plugin has 10,000 plus active installations. It hasn't been updated in two years, but then again it doesn't need to because of how this plug-in works. The plugin simply looks at the WordPress message that would normally be displayed, and then takes away the opportunity for someone to override WordPress's native, strong, password suggestions.
I'm going to:
- click install
- click activate
Head back over to users.
- add a new user
- add Bob
- give Bob a pretty easy password
- confirm the use of a weak password
- make him an administrator
- click add new user
There's an error message that pops up! Once again a strong password has been suggested. Now it doesn't have to be a password. As you know, it can be a strong passphrase, and WordPress will now accept it.
All right, that simple and free plugin is going to take all of your headaches about user passwords away. They'll always be strong, and they'll always use WordPress core's password protection system.
A terrific answer to this age-old problem.
Well thanks for watching. This has been OStips from OS Training."