Security concerns are always in the back of our minds. When it comes to WordPress management, there is nothing worse than receiving a security alert prompting you to change your password due to a breach.

We understand the gravity of your security concerns and want to help you every step of the way. Let’s look at expert methods for securely resetting WordPress passwords and introduce you to Shield Security PRO for that added peace of mind.

When should you reset user passwords?

Resetting user passwords is an important aspect of maintaining a WordPress website’s security. Site owners may find it necessary to initiate password resets in several scenarios:

  • If a security breach is suspected.
  • If there’s a possibility of credential leaks due to shared passwords.
  • As part of ongoing security enhancement, where site owners feel the need to update password strength requirements.
  • If an account was left abandoned or inactive – resetting the password ensures that only the legitimate user can re-access the account.

Here are some top tips from the Center for Internet Security (CIS) to enhance the security of your WordPress sites and protect user data:

  • Change passwords regularly, at least every 60 days (we don’t necessarily recommend this).
  • Use passwords with at least 14 characters.
  • Use different passwords for each account you own across platforms and services.
  • Avoid using words, proper names, or personal information, such as names of family members or pets, in passwords.

Resetting a user’s password using WordPress admin (including your own)

Resetting a user’s password via the WordPress admin panel is straightforward. Whether you’re resetting your own password or that of another user, the WordPress admin interface provides the tools to do this easily:

  1. Log in to your WordPress dashboard.
  2. From the left-hand menu, click on Users. This will display a list of all registered users on your website.
  3. Pick from the list, or use the search box to find the user for whom you want to reset the password. Click on their username to access their profile settings.
     [Image: Example of how your WordPress will look when in the Users section]
  4. Within the user’s profile settings, you’ll find a section labelled Account Management. Look for the Set New Password field within this section.
     [Image: The Set New Password section within the Users settings]
  5. Enter a secure and unique password for the user in the designated field. For maximum security, make sure its strength meter shows “strong”.
  6. After entering the new password, scroll down to the bottom of the page and click Save Changes to apply the password reset.

Alternatively:

  1. If you prefer to notify the user and allow them to reset their password themselves, you can use the Send Reset Link button instead.
  2. If you choose to reset the password manually, it’s important to inform the user about the change.

Resetting user passwords by way of updating password policy with Shield Security PRO

Introducing a password policy via a plugin such as Shield Security PRO can be an effective means of resetting user passwords on your WordPress site, especially when implementing site-wide security changes. Shield Security PRO users have the advantage of using the built-in password policy feature within the plugin, making the process much easier.

Here’s how: 

  1. Download, install, and activate Shield Security PRO.
  2. After activating Shield Security PRO, find it in the WordPress dashboard’s left-hand menu. Click on the Shield Security PRO option to access the plugin’s dashboard.
  3. Within the Shield Security PRO dashboard, go to the Security Zones section. From there, select Users and then click on Zone Actions → Password Policies.
  4. The Password Policies section offers various options to customise your password policies according to your security goals. You can toggle settings on and off and set specific password policies tailored to your requirements:
    • Prevent use of “pwned” passwords: Enable this option to prevent users from using passwords that have been leaked or compromised.
    • Set password strength minimums: Use the zxcvbn password strength calculator to set minimum requirements for password strength.
    • Set password reset interval: Specify the interval at which users are required to reset their passwords.
  5. While Shield Security PRO offers the option to force users to reset their passwords, it’s important to consider the implications of this feature. Forced password resets can be disruptive and may not necessarily enhance security significantly.
    • Instead of relying on forced password resets, prioritise strong password practices and implement additional security measures, such as two-factor authentication (2FA), that will do much more to fortify the login process.
  6. If desired, enable the Apply to existing users checkbox to force-reset passwords for users whose current credentials do not meet the new password policy minimums.
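
To make the three policy options above concrete, here is an added example (not Shield Security PRO's code) that evaluates one credential against a "pwned" check, a minimum, and a reset interval. Assumptions: the breach data arrives in the Pwned Passwords range format (`SUFFIX:COUNT` lines for a 5-character SHA-1 prefix), a plain length minimum stands in for zxcvbn scoring, the thresholds are the CIS figures quoted earlier, and all function names are hypothetical.

```python
import hashlib
from datetime import datetime, timedelta, timezone

MIN_LENGTH = 14                      # assumption: the CIS length tip quoted on this page
RESET_INTERVAL = timedelta(days=60)  # assumption: the CIS rotation tip quoted on this page


def hibp_split(password):
    """Uppercase SHA-1 hex split into the 5-char prefix (sent) and 35-char suffix (kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Find this password's suffix in a range response made of 'SUFFIX:COUNT' lines."""
    suffix = hibp_split(password)[1]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)        # padding entries carry a count of 0
    return 0


def policy_violations(password, last_changed, range_body, now):
    """Return the policy rules a credential breaks; an empty list means no reset is needed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if breach_count(password, range_body) > 0:
        problems.append("pwned")
    if now - last_changed > RESET_INTERVAL:
        problems.append("expired")
    return problems


def constructed_range_body(password, count):
    """Constructed sample response: the password's own suffix plus one made-up filler line."""
    return f"{'0' * 35}:7\r\n{hibp_split(password)[1]}:{count}\r\n"


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed timestamps
    body = constructed_range_body("password", 3)
    print(policy_violations("password", now - timedelta(days=90), body, now))
```

Only the 5-character prefix is needed to fetch a range body, so the full password hash never has to leave the server doing the check.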

More ways to increase login security with Shield Security PRO

The conventional approach of solely resetting user passwords often isn’t enough. While passwords are a fundamental authentication mechanism, they have their limitations. Quite often, additional layers of defence are needed. 

This is where two-factor authentication (2FA) comes in. 2FA adds an extra step to the WordPress login process beyond simply entering a username and password. It typically requires users to verify their identity through a secondary method, such as a one-time password/code sent to their mobile device or generated by an authentication app.

With Shield Security PRO, implementing 2FA is easy. Users can enable this essential security feature by:

  1. Going to the Shield Dashboard → Security Zones → Login.
  2. From there, users can explore the tabs across the top of the screen to configure different 2FA methods and settings, ensuring that their custom security measures align with their specific needs and preferences.
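
For the authentication-app method described above, this added example (not Shield Security PRO's code) shows what the server computes when it checks a code: RFC 6238 TOTP over HMAC-SHA1, with a one-window clock-drift allowance and rejection of already-used time steps. The `verify` interface and its `last_used_step` bookkeeping are assumptions for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret, unix_time, digits=6, step=30):
    """RFC 6238 code for the time window containing unix_time (HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, last_used_step=-1, drift=1, digits=6, step=30):
    """Return the matched time step, or None if the code is wrong, malformed or replayed."""
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return None                               # digit count is fixed server-side
    current = unix_time // step
    for candidate in range(current - drift, current + drift + 1):
        if candidate <= last_used_step:
            continue                              # a code is accepted once per time step
        expected = totp(secret, candidate * step, digits, step)
        if hmac.compare_digest(expected, submitted):
            return candidate                      # caller stores this as last_used_step
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"              # RFC 6238 test secret, not a real key
    code = totp(secret, 59)
    print(code, verify(secret, code, 75), verify(secret, code, 75, last_used_step=1))
```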

While 2FA significantly improves login security, tighter security doesn’t end there. Shield Security PRO is constantly developing innovative solutions to meet evolving security demands. For instance, passwordless login functionality is an upcoming feature that’ll simplify the WordPress login flow while keeping it as secure as possible.

Shield Security PRO enhances website security with advanced bad bot detection and IP address-blocking features. The plugin ensures site integrity by identifying and stopping harmful bot-driven attacks, providing an uninterrupted user experience and protection against potential breaches.

Keep your site safe with Shield Security PRO

Protecting your WordPress site requires much more than resetting user passwords. While we’ve explored various aspects of password management, including manual resets and password policy enforcement, Shield Security PRO is the ultimate security force for any site.

Its login protection features, password policies, two-factor authentication (2FA), advanced bad bot detection, and commitment to staying current with the latest cybersecurity developments form a protective barrier against unauthorised access and malicious attacks.

Don’t leave your site’s security to chance. Start using Shield Security PRO today and strengthen your website’s defences against new threats.