How to Use iThemes Security to Enforce Strong Passwords in WordPress

It’s important to think about password security in WordPress. Enforce strong passwords so that your users are never able to have one like “chicago”, and you’re well on your way. But how? How can you make sure that WordPress passwords are as strong as they should be, when you aren’t the only one with an account on the site? That’s where the iThemes Security plugin in WordPress comes it, it has a simple setting that’ll prevent people from setting low-security passwords, and you’ll have a whole load off your mind. Better yet, iThemes Security is a free plugin.

iThemes Security in WordPress has loads of features, and a not-amazing interface to let you access all of them. But it’s one of the more useful security plugins to my mind. And making sure that WordPress passwords for your site stay secure is one of its’ biggest benefits. It also includes a iThemes Security Review of your site, the ability to track file changes, and a whole bunch more.

But let’s get to it. How to enforce strong passwords for WordPress using iThemes Security. First, as always, we’ve got the video:

Secure Your WordPress: Enforce Strong Passwords with iThemes Security (Free)

And for those readers who are less visual, here’s a brief rundown of how to use iThemes Security to enforce strong passwords.

  1. As usual, you’ll first need to install the iThemes Security plugin. So, “Plugins > Add New” and a search for “iThemes Security” will get you there.
  2. Then you’ll want to “Activate” the plugin.
  3. After that, you’ll access the plugin by going to “Security” at the bottom of your left-sidebar. (Generally lower than “Settings.”) That’ll get you first to iThemes Security default Security Check screen. After that completes, you’ll want to double-check the setting for Enforcing Strong Passwords in WordPress. You’ll find that on a panel labeled “Password Requirements.” I often find it useful to use the browser’s text search feature (CMD or CTRL+F) to search for “password” or similar.
  4. On that Panel, you’ll probably see that it’s already on, if not, you’ll want to click the “Enabled” checkbox under “Strong Passwords.”
  5. If you’re concerned enough to check here, you may also want to change user roles that you’ll require strong WordPress passwords for. In the video (and in general) I think it’s reasonable and appropriate to send it all the way down to the “Subscriber” user level. Everyone gets a strong WordPress password!

In my next Quick Guide, we’ll talk about one of the features of iThemes Security Pro that makes me pay for it in some situations: Two-Factor Authorization.

Most Voted
Newest Oldest
Inline Feedbacks
View all comments
John Glynn
April 8, 2020 8:53 am

THanks for this post David!

April 25, 2019 4:34 am

Thanks for the post David, finding my way around WordPress and this plugin is definitely a big help to secure all the little bits of WordPress.

Keep up the good work!