You hear it every day. Another social media site has been hacked. Twitter, Zendesk, even new brand new sites become victims to hackers every single day. You’ve installed Login Lockdown, and Wordfence security. You’re vigilant when it comes to protecting your sites.
What you don’t hear about – unless you’re in the security biz – are the hundreds or even thousands of WordPress sites that are hacked every month. The damage can range from mildly irritating to catastrophic. I know as some of my sites got hacked last year. And it was entirely my own fault. Do you know why? Because of my passwords.
It’s not really the fault of WordPress, or even that of your hosting company. The fact is, armies of malicious hacker bots are out there even as you read this, repeatedly trying to log into unprotected WordPress websites – even yours. And the Login Lockdown plugin will help with this.
But the number one cause of a hacked website? Weak or outdated passwords.
You ARE Being Careful With Your Passwords, Right?
Hopefully you’re not making any of the most common password mistakes – the kind that might result in your site being hacked. Hopefully, you use a password manager and choose random, unreadable passwords, and you change them often. You do change them often, right? That’s just good common sense, whether for your site or someone else’s.
But what if you have users on your WordPress website, guest bloggers or membership site? Are your users as smart as you are? Let’s hope they are and they’re not using…
- Reused and recycled passwords: If your member uses the same password for her Twitter account as she does for your site, and Twitter gets hacked - you are at risk.
- Commonly used passwords: If your member uses any of the hundreds of most commonly used passwords (and you’d be shocked at how many do) - you are at risk.
- Easy-to-guess passwords: If your member uses words found in the dictionary - you are at risk.
- Well-known letter/number swaps: If your user tries to be clever by simply “disguising” letters as numbers - you are at risk.
Now, obviously, none of these members or users are actively trying to cause your site to be hacked by doing any of the above. They simply don’t know the risks. And why should they?
It’s not as if they’re entering their banking data, or sharing other confidential information with your site. Maybe they’re just logging in to leave a comment or watch a training video. As far as they are concerned, security is simply not necessary.
Shouldn’t WordPress do something about this?
WordPress is aware of the risks. They know that weak, recycled, and common passwords represent one of the biggest threats to websites today, but unfortunately, they simply do not have a system in place to prevent it from happening.
Users are allowed to use any password they like, or any length, and change it (or not) any time they want. Further, WordPress will helpfully send the password to new users by email.
Of course, you can ask your subscribers, contributors, and editors to use good passwords and to change them often, but there’s no way to enforce that – until now.
Regular Password Updates Help Protect Your Site From Hackers
The only question is, how can you get your users to comply?
The answer: a simple little plugin that does all the heavy lifting for you.
Introducing Force Password Update, a fully configurable plugin that helps keep your WordPress website secure.
Which users will Force Password Update work for? All of them, including…
- Administrators: You, your virtual assistant, your web designer – anyone who has complete access to your site.
- Editors: Anyone who can publish blog posts or pages on your site.
- Authors and Contributors: Anyone who writes for your site.
- Subscribers: Anyone – including commentors on some sites – who must log in to access certain features of your site.
All of these user groups can potentially compromise your site if users are not regularly updating their passwords.
Using Force Password Update ensures that every user from administrators to subscribers is required to keep his or her password fresh. Best of all, it’s a true “set it and forget it” system for you. Once you install it, the plugin does all the work.
How Force Password Update Works
You could – if you have a lot of free time on your hands – ask all your users to regularly change their passwords. You could even do it for them, thereby forcing them to update when they can no longer log in. You can nag them, email them… message them in your Facebook groups…
…And if you only have a couple of users and an infallible memory, that might work for you.
But for the rest of us, an automated solution is best. With this plugin, that’s exactly what you get. It offers…
- Easy installation – simply upload the file to your site and activate
- Simple configuration screen – gives you total control over the user experience
- The ability to set your own expiration period based on the level of risk you feel is acceptable
- Customizable message to users when you first install the plugin – so they’re not confused by the sudden change
- Customizable message to users when they are forced to update their password – so they know exactly why they’re being asked to update
- The option to give administrators a pass by not forcing them to update
- An additional field in the user profile so you can tell at a glance how old your users’ passwords really are
- Multi-site license – use it on every site you own.
And nothing more for you to do – ever. Because once you install and activate this plugin, your users will be automatically prompted to update their passwords on the schedule that YOU control.
It continues to work quietly in the background, helping to keep your site secure, for as long as you leave it activated.
Best of all, users won’t be inconvenienced at all, since the plugin uses WordPress’s built-in password update system. They won’t have to fiddle around waiting for your help desk to respond. All they have to do is check their email – everything happens automatically.
Keeping Your Website or Membership Safe from Hackers has Never Been Easier
With Force Password Reset, you can check one more thing off your to-do list. The ease with which you can require users to update their passwords on a schedule YOU set means that this critical maintenance function will never be forgotten.
You don’t have to set a reminder on your calendar, chase down your users, or beg them to update. Everything happens behind the scenes, seamlessly, and painlessly.
What could be simpler?
Oh, and of course you can count on our 7 day money back guarantee Why only 7 days? Because I want you to use thepplugin to protect your site and not let it languish in your downloads file
In March of 2012, more than 30,000 WordPress websites were compromised in what may have been the single largest hack ever recorded. A major contributing factor? Weak passwords.
P.S. Don’t forget – your purchase is backed by my 7-day, money-back guarantee, so there’s absolutely no risk to you. Why only 7 days? Because I want you to install it and use it right away!