How to Force Users to Create Complex Passwords When Signing Up on a WordPress Website

Are you aware that 81% of data breaches happen due to weak or stolen passwords? That’s quite alarming, isn’t it? 

It simply means that if people could stop using weak passwords, such as their birthdays, phone numbers, pet names, middle names, social security numbers, or children’s names, then over 50% of data breach issues would be resolved.

Unfortunately, not everyone takes their online passwords seriously, especially when it comes to WordPress sites. Whether it’s a membership site, online store, or any other WordPress site where users create accounts, many people tend to create accounts with weak passwords, thereby creating weak points in your WordPress site for hackers to exploit. 

Won’t it be better if you could enforce the use of strong passwords when users sign up on your site, even if you have to generate passwords for them, just to protect your WordPress site from breaches?

Well, in this guide, you will discover how to force users to create complex passwords during signup and how to automatically generate passwords manually and with WordPress plugins.

Why You Should Generate Strong Passwords for Your WordPress Users

WordPress sites have evolved far beyond a simple blog platform to a powerful CMS that manages sensitive data and processes real-time transactions. It’s imperative to protect WordPress sites now more than ever. 

When you allow users to use short and weak passwords on your site, especially those with more permissions, you expose your site to hackers and vulnerabilities.

Even if users have basic roles like customers in an eCommerce website, their sensitive data are worth protecting. If hackers gain access to your user’s accounts, they can use users’ data from your site for illicit gain, which might expose you to lawsuits against data protection.

Enforcing the use of strong, complex passwords is how you keep hackers at bay and protect your business and customers. If users are too lazy to use complex passwords to protect their data, then you should set up systems that will help them generate passwords for WordPress sites.

Rules to Generate Strong Passwords in WordPress 

For a password to be considered strong, there are some elements it must contain. This can help you generate secure passwords in WordPress for your users, ensuring they are difficult for hackers to guess but easy for the owners to remember.

Here’s what makes a strong password:

• Long: The first component of a strong password is its length. A strong password should have a minimum length of 10 characters. The longer the Password, the harder it is to guess or generate the Password with software.
• Complex: The second component of a strong password is that it must be complex. A complex password contains a combination of uppercase, lowercase, numbers, and special characters.
• Unique: The last component of a strong password is that it must be unique, i.e., different on each account or platform. Reusing the same Password across platforms can increase your level of exposure when one account is compromised.

Plugins That Help You Force Generate Complex Passwords in WordPress

Although most WordPress security plugins focus on blocking brute-force login attempts and adding other security rules, there are others that you can use to force users to use complex passwords and generate passwords for them when signing up to your WordPress site. 

Our top plugins to force users to create complex passwords when signing up on a WordPress website include:

• Password Policy Manager
• User Profile Builder
• User Registration & Membership
• Ultimate Member
• Forminator
• Password Strength Requirements for WooCommerce

How to Enforce Strong Passwords With Password Policy Manager

The Password Policy Manager is a WordPress plugin that allows you to enforce the use of strong passwords when creating an account in WordPress. 

The plugin allows you to create strong password rules, including password strength, auto password expiry, force password change, Password reset, etc. It also allows you to monitor active and inactive users’ activity logs, lock out fraudulent login access, and reset users’ passwords.

To use the Password Policy Manager, go to Plugins > Add New from your WordPress dashboard.

Search for Password Policy Manager, and install and activate the plugin. 

Then, click on Password Policy Manager from the left panel. You can set rules for all users’ passwords, such as the use of lowercase and uppercase letters, numbers, special characters, and password length.

Unfortunately, the Generate Random Password setting is available only in the premium version of this WordPress plugin. So, if you wish to enable this feature, you need to upgrade to the Premium version. Then, go to Password Policy Manager > Addons and enable Generate Random Password. 

How to Enforce Strong Passwords With User Profile Builder

User Profile Builder is an all-in-one profile and registration plugin for creating front-end login and registration forms with custom fields. It allows you to restrict content based on user roles and logged-in status. 

It allows you to create user registration forms and enforce WordPress password requirements for users upon registration by setting up a minimum password length and minimum password strength (using the default WordPress password strength meter). 

To use this plugin to force users to create complex passwords, go to Plugins > Add New. Search for User Profile Builder, install, and activate the plugin. 

Then go to Profile Builder > Settings > General Settings. Scroll down to the Security section, enter the minimum password length, and change the minimum password strength from Very Weak to Strong.

Then, head over to the generated registration page during the setup wizard to test the password strength.

How to Enforce Strong Passwords With User Registration & Membership

User Registration & Membership is also a membership plugin for WordPress sites. This plugin allows you to create membership websites and dynamic registration forms in minutes. 

It comes with built-in login forms, membership groups, user profiles, and a variety of other powerful tools. You can also restrict content access based on membership levels, roles, capabilities, user state, etc. 

To use this plugin on your WordPress site, go to Plugins > Add New. Search for User Registration & Membership, and install and activate the plugin.

Once activated, the setup wizard will be launched. Click the Get Started button. 

In the first step, you will be required to choose a registration type. You can choose either normal registration or membership registration. The second step involves the plugin creating the necessary pages.

The third step in the setup is Settings — there, you can enable the Require Strong Password option and set the Minimum Password Strength to Strong. This will require users to use complex passwords when creating their accounts using the registration forms generated by this plugin.

Complete the setup and head over to the Add New form, select from scratch or an existing template. 

In the form builder, you can select User Password > Form Settings to set the Minimum Password Strength per form. You can choose Strong or Custom to define your own rules.

You can use the preview button to test the password rule before publishing the form. 

How to Enforce Strong Passwords With Ultimate Member

Ultimate Member is a membership WordPress plugin that allows users to sign up and have profiles on your WordPress site. 

Ultimate Member features include front-end user login and registration, custom form fields, conditional logic for form fields, custom user roles, content restrictions, etc. 

You can also force users to use complex passwords during registration with Ultimate Member. Simply go to Settings > General tab > Users.

Scroll down to Password and tick Enable strong passwords. Then, set the password minimum and maximum lengths.

You can then use the auto-generated registration page to test the password strength. Your users will only get a warning message when they enter a weak password.

How to Enforce Strong Passwords With Forminator

Forminator is a popular and highly customizable form builder for WordPress sites. It allows you to build contact forms, payment forms, and custom forms. Forminator allows you to create conditional fields and make calculations in your forms. It also supports the use of a captcha to reduce spam submissions.

You can use Forminator to build a user registration form for your WordPress site and force users to use complex passwords, even when creating an account on your site.

To use Forminator, go to Plugins > Add New. Search for Forminator, install, and activate the plugin. 

Then go to Forminator > Forms. Click the Add New button to create a new form. 

Forminator comes with some form templates to speed up your form-building process. You can choose to charge a blank form to start from scratch or select a template. 

In this guide, we will select the Registration template and click Create Form.

From the form builder, we will select the settings icon next to Password and click Edit Field. 

Then, select the Settings tab, change the minimum password length from None to Strong, and click Apply.

You can then create a registration page for users and insert the form shortcode in it.

How to Force Strong User’s WooCommerce Passwords With Password Strength Requirements for WooCommerce

If you are a WooCommerce shop owner, you can force users to use strong passwords when creating an account on your online store from the My Account page or during checkout with the Password Strength Requirements for WooCommerce plugin.

To use this plugin, go to Plugins > Add New. Search for Password Requirements Settings for WooCommerce, and install and activate the plugin.

Then, go to WooCommerce > Settings > Account & Privacy and scroll down to Password Strength Settings.

Set the minimum password length, minimum numeric characters, and minimum special characters.

After making your changes, click Save Changes and proceed to test the WooCommerce registration page or checkout page if you enable account creation on checkout.

Custom Code to Manually Enforce Strong Passwords and Generate Password WordPress Rules

If you are a developer and you don’t want to use a WordPress plugin to enforce strong password rules, you can manually force users to use strong passwords and generate passwords with the WordPress wp_generate_password function. 

You can use the function in code snippets to enforce password rules using uppercase, symbols, length, etc.

wp_generate_password( 
$length = 10, 
$special_chars = true, 
$extra_special_chars = false
):
string

From the code, the first parameter is the length. Here, you can specify the minimum password length. The second parameter is a boolean for standard special characters. You can specify true or false. The third parameter is also a boolean for extra special characters. You can specify true or false.

Here’s an example of a code snippet using the wp_generate_password function:

<?php echo __( 'New password: ', 'textdomain' ) . wp_generate_password( 8, false ); ?>

The code above will generate an 8-character password using only letters and numbers.

<?php echo __( 'Password: ', 'textdomain' ) . wp_generate_password( 10, true, true ); ?>

The code above will generate a 10-character password consisting of letters, numbers, special characters (!@#$%^&*()), and extra special characters (-_ []{}~`+=,.;:/?|):

What’s the Right Plugin to Force Users to Create Complex Passwords?

The right plugin for you will depend solely on your website needs and type. If you are running a simple website with support for user registration, you can use the Password Policy Manager. 

If you want a simple website but with custom fields and conditional logic, then you should opt for Forminator.

If you want a simple WordPress site with user profiles, content restrictions, and user role management, your go-to plugin will be the User Profile Builder.

If you own a membership site, then you can use either Ultimate Member or User Registration & Membership.

If you want to enforce complex passwords for WooCommerce websites, then the best option is the Password Strength Requirements for WooCommerce.

If you want to be able to generate passwords for WordPress users during registration, the Password Policy Manager is the best choice.

Conclusion

To protect your users’ data, prevent exposing your WordPress site to vulnerabilities, and avoid legal issues, you should force users to generate complex passwords when signing up to your WordPress site.

We have shown you various plugins you can use to enforce the use of strong passwords and the best scenarios to help you choose the right plugin for your site. We have also shown you how to generate passwords with the WordPress wp_generate_password function manually. 

It’s pretty easy to set up the use of complex passwords in WordPress, and you shouldn’t hesitate to implement it on your website.