While keeping WordPress websites secure is an essential part of a developer's job, making sure users employ strong passwords is just as essential but a lot trickier to accomplish. WordPress manages login cookie server-side, uses salting and stretching to enhance the security of stored passwords, and uses a permissions system to limit the amount of information shared. A user with a weak password can easily compromise a website so a long and complicated password with upper case letters, numbers, and symbols should be created; don't allow old passwords to be recycled back into use, force frequent password changes, and use two-factor authentication if possible in case a password has been compromised. Security plug-in can be used to manage user passwords and a password manager to keep track of it all.
Key Takeaways:
Requiring strong user passwords is a key step in securing your WordPress site.
WordPress has made significant improvements in their handling of password security issues.
Techniques like frequent password resets, disallowing old password use and adding two-factor authentication are good ways to ensure your users have strong passwords.
“You can’t skimp on securing a website (or, if you’re a user, your private information) simply because you don’t want to generate a better password than the one you created for Gmail five years ago.”
Read more: https://premium.wpmudev.org/blog/a-complete-guide-to-wordpress-password-security/