Toughen Up Your WordPress Site Security By Forcing Strong Passwords

It’s impossible to overstate security when it comes to managing your WordPress website. While a good web host will have certain measures in place to minimize the risk of any attacks on your site being successful, at the end of the day, much of the responsibility for keeping a website secure rests on the shoulders of the site owner or administrator.

While WordPress is a relatively secure publishing platform, if you and the other users on your site don’t choose secure passwords when setting up their accounts, there isn’t much the software can do to stop someone guessing those login credentials and running amok on the back end of your website. And you know that every 3rd person with access to your WP site is going to use ‘password123.’

However, by deploying the free Force Strong Passwords plugin, you can ensure that anyone creating or managing user accounts on your WordPress website chooses a password that will be incredibly hard to guess, whether someone is trying to break into your site manually or as part of an automated attack.

In this article we will give you a quick demonstration of how you can install this plugin on your website and start preventing your users from choosing weak passwords for their accounts, making your WordPress security even stronger.

How to Use the Force Strong Passwords Plugin on Your Website

As the Force Strong Passwords plugin is free to use, it can be installed on your site directly from the WordPress plugin directory.

To do so, log into the admin area of your site ( and then navigate to Plugins > Add New using the sidebar menu.

From the Add Plugins screen, enter ‘Force Strong Passwords’ in the search field, and then install the first item listed in the results.

Add Force Strong Passwords Plugin

Once the plugin has been installed and activated, the user profile screen will be updated to enforce strong passwords.

Force Strong Passwords Error

Now instead of just indicating whether a password is weak or not, with this plugin installed, your WordPress website will force users to enter a password that is strong.


A weak password is a sure-fire way to let attackers into your WordPress website through the front door. By installing this WordPress security plugin, in a just a few clicks, you can close this loophole on your website, and ensure that anyone trying to break into your website won’t have an easy time doing so.

This plugin has been created and is maintained by a group of developers, including Jason Cosper of WP Vulnerabilities and Simon Wheatly from the VIP team. And be sure to check the plugin’s ongoing updates and WP compatibility.

For more WordPress security measures and mitigation advice, we recommend the following resources:

New Posts in your inbox

  1. Not quite, Dan.

    While WordPress 4.3 encourages you to use a stronger password, you are still able to set and use a weak password. If Force Strong Passwords is activated on a site, it will not allow Authors, Editors or Administrators to use anything other than a “strong” password.

    This means FSP can still compliment the improvements made to passwords in WordPress 4.3.