How to Force Strong Password on Users in WordPress

On Jul 8, 2019

We have already noticed other sites requiring their users to have a strong password. Bluehost requires their users to have a strong password for email in cPanel. Arstechnica wrote a great article on why passwords have never been weaker — and crackers have never been stronger. While WordPress has a password strength meter that shows user how strong their password is, it does not enforce the strength. Having an administrator or editor level user with a weak password can present a security risk. In this article, we will show you how to force strong passwords on users in WordPress.

Video Tutorial

Subscribe to WPBeginner

If you don’t like the video or need more instructions, then continue reading.

We will use the plugin Force Strong Passwords. This plugin duplicates the WordPress JavaScript password strength check in PHP, and forces users with executive powers to use a strong password.

So basically any user that has the capability to publish posts, upload files, or edit published posts must have a strong password. This means all user roles except for Contributor and Subscriber.

All you have to do is install and activate the plugin. It will take care of the rest.

Are you using a strong password on your site?