Force Password change WP Plugin

You hear it every day. Another social media site has been hacked. Twitter, Zendesk, even new brand new sites become victims to hackers every single day. You’ve installed Login Lockdown, and Wordfence security. You’re vigilant when it comes to protecting your sites.

What you don’t hear about – unless you’re in the security biz – are the hundreds or even thousands of WordPress sites that are hacked every month. The damage can range from mildly irritating to catastrophic. I know as some of my sites got hacked last year. And it was entirely my own fault. Do you know why? Because of my passwords.

It’s not really the fault of WordPress, or even that of your hosting company. The fact is, armies of malicious hacker bots are out there even as you read this, repeatedly trying to log into unprotected WordPress websites – even yours. And the Login Lockdown plugin will help with this.

But  the number one cause of a hacked website? Weak or outdated passwords.

You ARE Being Careful With Your Passwords, Right?

Hopefully you’re not making any of the most common password mistakes – the kind that might result in your site being hacked. Hopefully, you use a password manager and choose random, unreadable passwords, and you change them often. You do change them often, right? That’s just good common sense, whether for your site or someone else’s.

But what if you have users on your WordPress website, guest bloggers or membership site? Are your users as smart as you are? Let’s hope they are and  they’re not using…

  • Reused and recycled passwords: If your member uses the same password for her Twitter account as she does for your site, and Twitter gets hacked - you are at risk.
  • Commonly used passwords: If your member uses any of the hundreds of most commonly used passwords (and you’d be shocked at how many do) - you are at risk.
  • Easy-to-guess passwords: If your member uses words found in the dictionary - you are at risk.
  • Well-known letter/number swaps: If your user tries to be clever by simply “disguising” letters as numbers - you are at risk.

Now, obviously, none of these members or users are actively trying to cause your site to be hacked by doing any of the above. They simply don’t know the risks. And why should they?

It’s not as if they’re entering their banking data, or sharing other confidential information with your site. Maybe they’re just logging in to leave a comment or watch a training video. As far as they are concerned, security is simply not necessary.

Shouldn’t WordPress do something about this?

WordPress is aware of the risks. They know that weak, recycled, and common passwords represent one of the biggest threats to websites today, but unfortunately, they simply do not have a system in place to prevent it from happening.

Users are allowed to use any password they like, or any length, and change it (or not) any time they want. Further, WordPress will helpfully send the password to new users by email.

Of course, you can ask your subscribers, contributors, and editors to use good passwords and to change them often, but there’s no way to enforce that – until now.

Regular Password Updates Help Protect Your Site From Hackers

The only question is, how can you get your users to comply?

The answer: a simple little plugin that does all the heavy lifting for you.

Introducing Force Password Update, a fully configurable plugin that helps keep your WordPress website secure.

Which users will Force Password Update work for? All of them, including…

  • Administrators: You, your virtual assistant, your web designer – anyone who has complete access to your site.
  • Editors: Anyone who can publish blog posts or pages on your site.
  • Authors and Contributors: Anyone who writes for your site.
  • Subscribers: Anyone – including commentors on some sites – who must log in to access certain features of your site.

All of these user groups can potentially compromise your site if users are not regularly updating their passwords.

Using Force Password Update ensures that every user from administrators to subscribers  is required to keep his or her password fresh. Best of all, it’s a true “set it and forget it” system for you. Once you install it, the plugin does all the work.

How Force Password Update Works

You could – if you have a lot of free time on your hands – ask all your users to regularly change their passwords. You could even do it for them, thereby forcing them to update when they can no longer log in. You can nag them, email them… message them in your Facebook groups…

…And if you only have a couple of users and an infallible memory, that might work for you.

But for the rest of us, an automated solution is best. With this plugin, that’s exactly what you get. It offers…

  • Easy installation – simply upload the file to your site and activate
  • Simple configuration screen – gives you total control over the user experience
  • The ability to set your own expiration period based on the level of risk you feel is acceptable
  • Customizable message to users when you first install the plugin – so they’re not confused by the sudden change
  • Customizable message to users when they are forced to update their password – so they know exactly why they’re being asked to update
  • The option to give administrators a pass by not forcing them to update
  • An additional field in the user profile so you can tell at a glance how old your users’ passwords really are
  • Multi-site license – use it on every site you own.

And nothing more for you to do – ever. Because once you install and activate this plugin, your users will be automatically prompted to update their passwords on the schedule that YOU control.

It continues to work quietly in the background, helping to keep your site secure, for as long as you leave it activated.

Best of all, users won’t be inconvenienced at all, since the plugin uses WordPress’s built-in password update system. They won’t have to fiddle around waiting for your help desk to respond. All they have to do is check their email – everything happens automatically.


Keeping Your Website or Membership Safe from Hackers has Never Been Easier

With Force Password Reset, you can check one more thing off your to-do list. The ease with which you can require users to update their passwords on a schedule YOU set means that this critical maintenance function will never be forgotten.

Buy Now

You don’t have to set a reminder on your calendar, chase down your users, or beg them to update. Everything happens behind the scenes, seamlessly, and painlessly.

What could be simpler?

Oh, and of course you can count on our 7 day money back guarantee  Why only 7 days? Because I want you to use thepplugin to protect your site and not let it languish in your downloads file

Your purchase is absolutely risk free. Try the plugin for 7 days, and if you’re not convinced Force Password Update is helping to keep your website safe, just send me an email and I’ll send you a refund right away. So there’s absolutely no risk on your part. All the risk is on me.

In March of 2012, more than 30,000 WordPress websites were compromised in what may have been the single largest hack ever recorded. A major contributing factor? Weak passwords.

Don’t let this happen to your site. Grab the Force Password Update plugin today, so you have one less thing to worry about when it comes to managing your WordPress website.
Buy Now

Get Instant Access Now

Buy Now Yes! I need this plugin to help keep my site safe from the risks outdated and weak passwords cause.

I understand I’ll get:

  • Unlimited site licenses – so I can use the plugin on all sites I own for $10
  • Easy to install zip file – all I have to do is upload and activate.
  • Full configuration ability right from my WordPress dashboard.

My hard work is valuable to me, and I’m not willing to let it fall victim to a hacker when the solution is available….

 

Regards
Sarah-Blogging-Sig

P.S. Don’t forget – your purchase is backed by my 7-day, money-back guarantee, so there’s absolutely no risk to you. Why only 7 days? Because I want you to install it and use it right away!

Related Posts Plugin for WordPress, Blogger...
Will you do me a favour, and give me a share?
Buffer this pageShare on Facebook30Share on Google+7Email this to someoneShare on LinkedIn18Share on TumblrTweet about this on Twitter128Share on StumbleUpon0Pin on Pinterest0

Sarah Arrow

Blogging an issue for you? Social media not quite working how it should be?That's okay I understand. I started blogging back in 2006 and grew into a kick-ass blog coach as well as creator of Birds on the Blog (listed 3 times by Forbes as a top 100 website for women), I'm frequently listed as both a top content marketing expert and as an influential marketer.
You want your blog to make a difference, so subscribe hereand stay in touch, my updates will help you achieve content marketing success.

8 Comments

  1. Hi Sarah
    Good advice.
    Best go with a password generator and then use a password manager such as lastpass to manage your passwords.
    As computers get faster they find it easier to crack passwords so use at least 15 characters.

    Force password change sounds like just the plugin that most of us need.

    Reply
    • Many hosting companies have password generators these days :) All part of their service. the biggest problem we have on Birds (we have around 130 users) is that people use the same password on multiple sites. When LinkedIn got hacked last year we got hack on 4 different occasions. It was a pain in the backside for everyone involved.

      Reply
      • 130 users!
        Yes that would present problems.

        Most of my clients don’t want to get involved with the site admin so I never give them login info.

        You know I keep looking at WPEngine and wondering if it might be worth going over to them – they have servers now in UK but still pretty expensive.

        Reply
        • Dare I say Synthesis? ;)

          My clients tend to love Hostgator or host with me. And whilst my host can be a pin in the backside, he’s 90 minutes down the road… and I tell him this on a regular basis :) lol

          Reply
  2. Hi Sarah,
    thank you for the great post and suggestions for passwords.

    It is so good to have the community to help alert each other and have tips on how to protect our blog!

    I really appreciated the extend my hosting (Ipage) company was onto this latest issue and they implemented some great measures to protect their customers WordPress site/blogs.

    One question: If WordPress was affected by this, wouldn’t it be possible for password managers like ‘Last pass’ be vulnerable too?
    Personally, I like making my passwords a way to exercise my memory.

    Cheers,
    Yorinda

    Reply
    • Yorinda – every site that uses a password is vulnerable if you use a weak password. This isn’t a technology problem … it’s a humans-using-poor-passwords problem :)

      Reply
  3. it’s certainly very good plug-in, but it has a flaw…
    When a user logs in and is asked to change the password, he can simply click the SAVE button without entering a new password. The password entered during registration remains valid and the user can use it for further log-ins without a problem.

    Reply
  4. I think my site has been hacked – i’ve been receiving many new ‘user registration’ notifications in my Inbox ! I am scared of logging into my admin account thinking that it will bring my site down – i could be considered a newbie and still learning how to work with WordPress. Initially i was told that there was a problem with the ‘ht access’ file but i don’t know how to correct that. Where do i start ?

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Sign me up for the 7 days of content marketing goodness