How to setup Password Policy Enterprise plugin | WordPress

Password Policy Manager includes user’s password management features like auto password expiration, one click password reset, enforce strong password, role-based password policy, Automatically lock inactive users, password history management and many more. Weak passwords are the primary perpetrators of WordPress website attacks. To fix this issue, the password policy manager plugin was developed. Password policy will help administrators ensure that their users use strong passwords. Its password strength meter enables you to know the strength of your users’ passwords and enforce password change if deemed necessary. Configuring a strong password policy ensures the use of strong passwords thereby securing your website.

Pre-requisites: Download And Installation

You can download Password Policy Manager plugin using the following link:

Password Policy Manager | Password Manager

By miniOrange

(5)

Easy to manage password policies and enforce your user to use a strong password with a user password manager, password expiration, one-click reset of …

 Tested with 6.1.1

Get this plugin

Follow the steps below to configure password policy Enterprise plugin:

1. Password Policy (For all Users)

• Click on the miniOrange Password Policy plugin from the left side menu.




• Click For all Users button.
• Enable Password Policy all settings toggle button on the right side.
• Now, enable the settings as per your requirement for setting a password.
• Click on the Save Settings button.




• Now we will open this site in a private window.
• Enter your login credentials and click on the Login button.




• Now a password reset page popup will appear and enforce the new password policy.




• Enter the Current password, New Password and Verify the new password.
• Click on the Change Password button.


• Now you have Successfully reset the password for all users.




Password Policy (Specific Roles)

• Click on the Specific Roles button and select any one specific user role.
• Click on the Save Settings button.

• Now we will open this site in a private window..
• Go to the WordPress login page and enter your login credentials.
• You will see a popup of the reset password page.
• The rest of the steps are the same as for all users. Click here to view the same.

2. Enable expiration time (For all Users)

• Now let's set password expiry for all users.
• Click For all Users button.
• Enable Password expiry Toggle button.
• Selects the password expiration time (Minimum 1 and Maximum 28 days, weeks or months).
• Click on the Save Settings button.



 Example - If you set password expiry for 1 month then users will have to set a new password after 1 month.




Enable expiration time (Specific Role)

• Now let's set the password expiry for a specific User role.
• Click on the Specific Roles tab and select any user role.
• Selects the password expiration time (Minimum 1 and Maximum 28 days, weeks or months).
• Click on the Save Settings button.



 Example - If you set the password expiration to 1 month, the users you selected will have to set a new password after 1 month.

3. One-Click Reset Password (For all Users)

• Terminates all logged in sessions for the users and resets their Password. Users need to set up a new Password via a Reset link sent on their email.
• Now let's set the One-Click Reset Password for all users.
• Click on the For all Users button.
• First configure SMTP to reset your the passwords for all users.
• Click on the Reset Password button.




• Go to the login page.
• Enter your login credentials and click on the Login button.
• See the message (Reset password link has been sent to your mail please check)




• Go to your email and click on the Reset Password link.




• After that, enter the new password as per the policy given below and click on the Save button.




• Click on Login.




• Enter the username and New password.
• Click on the Login button.


• You have Successfully logged into your account.



One-Click Reset Password (Specific Roles)

• Now let's set the One-Click Reset Password for Specific Roles.
• Click on the Specific Role and select any one user role.
• Click on the Reset Password button.


• Now go to the WordPress login page and enter your login credentials.
• Then you will see a popup of the error message.
• The rest of the steps are the same as for all users. Click here to view the same.

1. Password History Management

 This setting will prevent you and your users from using previously stored passwords. This will make the password more secure and safe from attacks. You are given the option to select the number of previous passwords you do not want to allow.

• Go to Advance settings tab.
• Go to the Password History Management feature and enable the Toggle button.
• Select the number of previous passwords you do not want to allow and click on the Save Settings button.



 Example - If your users have selected 3 previous passwords, they cannot use 3 previously used passwords.






2. Automatically lock Inactive user

 This setting will help you to temporarily lock those users who are inactive for a selected amount of time, because inactive users are prime targets for hackers.

• Go to the Automatically lock inactive user feature and enable the Toggle button.
• Now, select the time duration in days, weeks or months to lock the user automatically.
• If you want to apply to the administrator, then enable the checkbox in front of Apply on Administrator.
• Click on the Save Settings button.



 Example - If 1 day is chosen to lock Inactive users, then users inactive for 1 day will be automatically locked.




3. Destroy inactive user sessions

 Automatically logout if the user and destroy their session if they do not perform any action for the specified amount of the time.

• Enable inactive user logout checkbox.

• You can select inactive logout duration.
• If you want to apply for the administrator role, enable the Apply on administrators option.
• Click on the Save button.



 Example - If you have set 1 minute as the time limit, then the user will be logged out if no action is taken for 1 minute.




4. Custom Redirect URL

 This setting will help you to set the redirect URL, wherein the user will be redirected after they reset their password.

• Now, Go to the Custom Redirect URL feature.
• Select any user role and enter any redirect URL and click on the Submit button.


• Now go to the WordPress login page and login.
• You will see a popup of the reset password page.
• After you reset the password you will be redirected to the URL you entered.





5. Hide Password reset link from WP-login

 This is a feature to hide the Lost Your Password option when you enter the wrong password while logging in.

• Now, go to the Hide Password reset link from WP-login feature and enable the Toggle button.




• Enter the exact text you want to hide from wp-login page and click on the Save button.


• Go to the login page and see the hide text.





6. Generate Random Password

 When you reset the password you are given the option to generate a random password.

• Now, Go to the Generate Random Password feature and enable the Toggle button.




• When user login first time he will see generate password option on password reset page.
• Enter current password and click on the Generate password button.


• Your password has been automatically generated.





7. Customize Password Reset Page

 This feature is provided to customize the reset password page.

• Go to the Customize Password Reset page feature.
• You can customize the following features as shown in the image below and see the customize reset password page on the right side




• After completing the customization click on the Save Settings button below.




• If you want to reset the settings, click on the Reset Settings button on the right side.

You can view the report of the users who are currently logged in as well as those who are currently inactive in the reports tab.

Users Login Report -

• Go to the Reports tab.
• Enable users login Report entry and all Users’ login data is shown.




• If you want to remove the user from the users login report, click on Remove on the right side.
• If you want to remove the data of all users from the login report, then click on the Clear All button visible on the top-right side.

Inactive Users Report -

• Go to the Inactive Users Report.
• If you have inactive users, then you will see the following report.
• If you want to remove the user from the inactive users report, click on Remove on the right side.
• If you want to remove the data of all users from the Inactive users report, then click on the Remove All button visible on the top-right side.

• Go to the Registration Forms tab.
• You can use the login forms below with the Password Policy plugin.

Business Trial For Free

If you are looking for anything which you cannot find, please drop us an email on securityteam@xecurify.com