Setup Password Policy Manager to enforce WordPress password security

Password Policy Manager includes user’s password management features like auto password expiration, one click password reset, enforce strong password, role-based password policy, Automatically lock inactive users, password history management and many more. Weak passwords are the primary perpetrators of WordPress website attacks. To fix this issue, the password policy manager plugin was developed. Password policy will help administrators ensure that their users use strong passwords. Its password strength meter enables you to know the strength of your users’ passwords and enforce password change if deemed necessary. Configuring a strong password policy ensures the use of strong passwords thereby securing your website.

Password policy setup guides-

Follow these steps to set up the Password Policy setting.

Click on the miniOrange Password Policy Plugin from the left side menu.

Click the Toggle button and enable Password Policy settings.
As per the information given below select the check box for password policy.
After enabling these settings, Click on the Save Settings button.

After saving the policy, when a user tries to login the reset password page will open.
Enter your credentials and click on the Login button.

Now, the Password Reset page will open.
Follow the new password guidelines.

Enter the old password, the new password and verify the new password.
Click on the Change Password button.

After submitting the new password the user will be Successfully logged in.

Follow the steps below to configure password policy Premium plugin:

Password Policy settings -

1. Password Policy (For all Users)

Click on the miniOrange Password Policy plugin from the left side menu.

WordPress password security configuration - WordPress Dashboard

Click For all Users button.
Enable Password Policy all settings toggle button on the right side.
Now, enable the settings as per your requirement for setting a password.
Click on the Save Settings button.

WordPress password security configuration - Click Save settings button

Now we will open this site in a private window.
Enter your login credentials and click on the Login button.

WordPress password security configuration - Enter login credentials

Now a password reset page popup will appear and enforce the new password policy.

WordPress password security configuration - Reset Password page

Enter the Current password, New Password and Verify the new password.
Click on the Change Password button.

WordPress password security configuration - Enter new and confirm password

Now you have Successfully reset the password for all users.

Password Policy (Specific Roles)

Click on the Specific Roles button and select any one specific user role.
Click on the Save Settings button.

Now we will open this site in a private window..
Go to the WordPress login page and enter your login credentials.
You will see a popup of the reset password page.
The rest of the steps are the same as for all users. Click here to view the same.

2. Enable expiration time (For all Users)

Now let's set password expiry for all users.
Click For all Users button.
Enable Password expiry Toggle button.
Selects the password expiration time (Minimum 1 and Maximum 28 days, weeks or months).
Click on the Save Settings button.

WordPress password security configuration - Enable Expiry time

miniorange img Example - If you set password expiry for 1 month then users will have to set a new password after 1 month.

Enable expiration time (Specific Role)

Now let's set the password expiry for a specific User role.
Click on the Specific Roles tab and select any user role.
Selects the password expiration time (Minimum 1 and Maximum 28 days, weeks or months).
Click on the Save Settings button.

miniorange img Example - If you set the password expiration to 1 month, the users you selected will have to set a new password after 1 month.

3. One-Click Reset Password (For all Users)

Terminates all logged in sessions for the users and resets their Password. Users need to set up a new Password via a Reset link sent on their email.
Now let's set the One-Click Reset Password for all users.
Click on the For all Users button.
First configure SMTP to reset your the passwords for all users.
Click on the Reset Password button.

WordPress password security configuration - Click Reset password page

Go to the login page.
Enter your login credentials and click on the Login button.
See the message (Reset password link has been sent to your mail please check)

WordPress password security configuration - Message after login

Go to your email and click on the Reset Password link.

WordPress password security configuration - Reset password link

After that, enter the new password as per the policy given below and click on the Save button.

WordPress password security configuration - Click save password button

Click on Login.

WordPress password security configuration - Click on login

Enter the username and New password.
Click on the Login button.

WordPress password security configuration - Click login button

You have Successfully logged into your account.

One-Click Reset Password (Specific Roles)

Now let's set the One-Click Reset Password for Specific Roles.
Click on the Specific Role and select any one user role.
Click on the Reset Password button.

WordPress password security configuration - Select specific role

Now go to the WordPress login page and enter your login credentials.
Then you will see a popup of the error message.
The rest of the steps are the same as for all users. Click here to view the same.

Advance Settings

1. Password History Management

miniorange img This setting will prevent you and your users from using previously stored passwords. This will make the password more secure and safe from attacks. You are given the option to select the number of previous passwords you do not want to allow.

Go to Advance settings tab.
Go to the Password History Management feature and enable the Toggle button.
Select the number of previous passwords you do not want to allow and click on the Save Settings button.

WordPress password security configuration - Advance Settings tab

miniorange img Example - If your users have selected 3 previous passwords, they cannot use 3 previously used passwords.

2. Automatically lock Inactive user

miniorange img This setting will help you to temporarily lock those users who are inactive for a selected amount of time, because inactive users are prime targets for hackers.

Go to the Automatically lock inactive user feature and enable the Toggle button.
Now, select the time duration in days, weeks or months to lock the user automatically.
If you want to apply to the administrator, then enable the checkbox in front of Apply on Administrator.
Click on the Save Settings button.

WordPress Password Security - Click save settings button

miniorange img Example - If 1 day is chosen to lock Inactive users, then users inactive for 1 day will be automatically locked.

3. Force Reset Password on first login

miniorange img Enable this setting so your users, customers & subscribers reset their password the first time they login to your website.

Go to the Force Reset Password on first login feature and enable the Toggle button.

WordPress password security configuration - Enable Force reset password

4. Hide Password reset link from WP-login

miniorange img This is a feature to hide the Lost Your Password option when you enter the wrong password while logging in.

Now, go to the Hide Password reset link from WP-login feature and enable the Toggle button.

WordPress password security configuration - Enable password reset link

Enter the exact text you want to hide from wp-login page and click on the Save button.

WordPress password security configuration - Enter String

Go to the login page and see the hide text.

5. Generate Random Password

miniorange img When you reset the password you are given the option to generate a random password.

Now, Go to the Generate Random Password feature and enable the Toggle button.

WordPress password security configuration - Enable Generate random password

When user login first time he will see generate password option on password reset page.
Enter current password and click on the Generate password button.

WordPress Password Security - Click generate password button

Your password has been automatically generated.

Reports

You can view the report of the users who are currently logged in as well as those who are currently inactive in the reports tab.

Users Login Report -

Go to the Reports tab.
Enable users login Report entry and all Users’ login data is shown.
If you want to remove the user from the users login report, click on Remove on the right side.
If you want to remove the data of all users from the login report, then click on the Clear All button visible on the top-right side.

WordPress password security configuration - User login entry

Inactive Users Report -

Go to the Inactive Users Report.
If you have inactive users, then you will see the following report.
If you want to remove the user from the inactive users report, click on Remove on the right side.
If you want to remove the data of all users from the Inactive users report, then click on the Remove All button visible on the top-right side.

WWordPress password security configuration - Inactive user entry

Registration Forms

Go to the Registration Forms tab.
You can use the login forms below with the Password Policy plugin.