Force Strong Passwords

[Terri Zx]

Until now I’d been using the Force Strong Passwords plugin in order to, you guessed it, force my clients to create strong passwords. Unfortunately that plugin has been removed from the WordPress repository.

I’ve read that some security plugins include this feature. Is it somewhere in BPS Pro??

[AITpro Admin]

BPS does not have a strong password enforcement feature.  I thought about adding that a while back, but I don’t really feel that it is essential.  Administrator and Editor User Accounts definitely need strong passwords, but Contributor and Subscriber User Accounts don’t.  Typically when someone registers on a website they are given the Subscriber Role, which is very limited and cannot be used to do anything malicious on the website.

[Terri Zx]

Thanks for your reply. I agree, if these were merely subscriber or contributor accounts, it’s not really important to have strong passwords.

However – I create and provide maintenance and overall security for client websites that, at the end of the day, belong to their owners. So all my clients have Admin accounts (I’d demand as such for my own site if it were being maintained by someone else!) And with the loss of that simple plugin :(, I have no way to keep them from using an insecure password. And I don’t really want to replace BPS with something else, as I think BPS Pro is the best thing since sliced bread 😉

I’ll keep looking for a workaround – perhaps this could be added to a list of desired features in the future?

[AITpro Admin]

I’ll consider adding it in BPS Pro 15.1.  BPS Pro 15 is close to being released.

[Terri Zx]

Thank you!!

[Terri Zx]

Howdy!

Just finished updating all my sites to BPS Pro 15.1. A lot easier than the WordPress 5.6 update!

Was wondering if the “force strong passwords” functionality was still on the radar?

(Also, do you have release notes for each version? I couldn’t find them.)

Thanks!

Peace,
Terri Z

[AITpro Admin]

Yes, the new enforce strong passwords feature is still on my task list and will be created in BPS Pro 15.2. I looked at the Force Strong Passwords plugin and did not like the method it is using to enforce strong passwords. I then looked at other plugins that are doing this and did not like the method they were using either. So I created and tested a new method that I feel is much better. Creating working code is only 10% of the overall task. 90% of the task is creating error checking code, etc. for public use.

You can find release notes (Whats New) in these locations:
Within the BPS Pro plugin here > Logs & Info menu > Whats New.
Forum Whats New > https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-version-release-dates/
Blog Whats New > https://www.ait-pro.com/aitpro-blog/5671/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-15-1/

Pending for BPS Pro 15.2: These tasks were pushed back due to higher priority tasks taking priority.
MScan: MScan overhaul
New Feature: Enforce strong passwords
ARQ Automation: ManageWP|MainWP WP Core Bulk remote updates
AutoRestore Added Folders|Files: overhaul
PHP Error Log: improve automation

[Terri Zx]

Delighted to see the Force Strong Passwords feature added! Thank you 🙂

[AITpro Admin]

I kept the FSP feature very simple.  I considered adding these additional options, but decided against adding them for various reasons:

Capability to choose strong passwords by User Role – Logically everyone should be using strong passwords.
Capability to password lock the FSP plugin page so that the page is only accessible by unlocking it – I may add this in the future.

[Terri Zx]

Capability to password lock the FSP plugin page so that the page is only accessible by unlocking it

Do you mean locking the page within the BPS Pro settings? I’d think a user would have to be pretty savvy to even know where to look for that!

[AITpro Admin]

The password lock would be the same as the old Xternal Tools password lock > https://forum.ait-pro.com/wp-content/videos/xternal-tools/xternal-tools.html. For now I’m going to do a wait and see thing. If several people ask for a password lock then I will add it.

[Author]

Posts