- This topic has 4 replies, 4 voices, and was last updated 9 years, 5 months ago by
.
-
Posts
-
I am NOT a security expert. But I have logged onto sites that actually REQUIRE that the password that the new member create be a High Security password. [using upper AND lower case letters, AND digits, AND symbols like @!!$%, etc.]
It seems like that would make my membership site more secure from hackers.
Any thoughts or suggestions on how to make that happen, if at all possible?
Thanks so much!
~ Jupiter Jim
At this time, there is no native support for this. The existing code base requires a moderate amount of work to support this feature.
You are referring to the member accounts on your site. These accounts only allows users to view protected content. Hackers are usually not interested in these accounts because it doesn’t have any real permission to cause damage to the site or server. They are usually after hacking your admin account or FTP. So if you are worried about your WordPress site’s security, try our WordPress security plugin:
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
In my opinion, a standard membership site really shouldn’t force users to use super complex passwords (it annoys the users). If you are offering super sensitive information that can’t fall into the wrong hands, I can do a custom job to apply extra validation on the password field that will force users to enter a complex password.
Hi,
I’ve just been working through all the documentation across the site and finally found something on security!
We’re setting up a private site and would like our users to have quality passwords.
I would be keen to pursue a way of increasing password quality and am happy for you to contact us directly to see how this can be achieved.
There are number of features in this realm that could be considered when you look at improving password quality…
I can foresee some of the functionality listed below as part of the discussion:
Have the ability:
1. For Users to create high-quality passwords, either through a built in feature or through their own entry
2. For Users to view a password strength meter on the user profile page when creating a password to help them create quality passwords
3. For admin users to monitor password quality in the admin panel on the users summary view or a create report indicating
3. To send users a notification to improve their password quality
4. To have users reset their passwords on frequency basis, e.g. e-mail notification.
All-In-One Security Plugin.
I like the suggestion above in the previous post about using the All-In-One Security Plugin and am currently configuring it.
On WP eMember side of things we will utilise the fully protected site wide page protection.
Is there an opportunity to gain synergies by coupling All-in-One tighter to WP eMember?
Can you can clarify the feature and use on the All-In-One Security Plugin where you can set the “maximum login attempts within a specific time frameā.
Does this All-In One feature interfere with WP eMembers “Login Restriction by IP Address” or how does it impact that feature?
Anyway, we would love to discuss with you directly the opportunity to do a custom job to improve password quality.
Phil and Chris
Anyway, we would love to discuss with you directly the opportunity to do a custom job to improve password quality.
Please complete this, and the appropriate person will contact you:
- You must be logged in to reply to this topic.