WP Engine Products

WordPress Hosting

Boost performance while managing less

WooCommerce Hosting

Build faster and sell more with WooCommerce

Agency and Client Management

Automate client billing, reporting, & more

Headless WordPress

Build, deploy, and manage headless sites

View More Products

Solutions

Small Businesses

Enterprises

Agencies

eCommerce

View More Solutions

Website Tools

Smart Plugin Manager

Website Tester

Website Monitoring

WordPress Themes and Tools

Local WordPress Development

Featured Plugins

Advanced Custom Fields

Build rich, custom content editing experiences

WP Migrate

Migrate WordPress sites with confidence

WP Offload Media

Offload media assets & serve them lightning fast

WP Offload SES

Improve email send reliability with Amazon SES

View More Recommended Plugins

WordPress Resources

WP Engine Resources

Articles and videos for help with WordPress

WP Engine Help Docs

Guides for site setup & troubleshooting

Free Website Migration

Automated migration plugin & support

Find a WordPress Agency

Need help? Search our agency directory

Stay Connected

WP Engine Blog

Builder Community

Headless Developer Community

Torque Magazine

Velocitize Magazine

Thought Leadership

Velocitize Talks

Erik Posthuma of Aleph-labs on Web3, Cryptocurrency, & More

Podcast

Press This, the WordPress Community Podcast

Study

The World’s First Study of the WordPress Economy

Why WP Engine?

Our Platform Technology

Managed WordPress Hosting

Fast WordPress

Secure WordPress

24/7 WordPress Support

About Us

WP Engine Reviews

How You Win with WP Engine

Build faster, protect your brand, and grow your business with the #1 WordPress platform to power remarkable online experiences.

Learn More

Customer Spotlight

Peak Performance With Headless WordPress

Android Authority increases speed 6x by adopting a headless architecture with a WordPress back-end.

All Case Studies

Contact sales

Call Us

+1-512-273-3906 to talk to a sales expert

Request a Quote

Submit a request for a personalized plan recommendation

Let’s Chat

Customer Support

Support Articles

Billing Help

Password Help

Log In for Support
Easiest Migration Ever!

Need Help Choosing a Plan?

We offer solutions for businesses of all sizes. For questions about our plans and products, contact our team of experts. Get in touch

Support Center
Setup A Site
Account & Features
Platform Information
WordPress Help
Troubleshoot
Browse All

Strong Passwords for WordPress Admins

Last updated on January 20th, 2023

passwordsecuritywp-admin

At WP Engine we want to do everything we can to help give you the most secure WordPress hosting experience. Requiring the use of a strong, unique password is one of the most impactful security steps any website manager can make. Learn about choosing a strong password and why we require one.

Contents hide
1 About Strong Passwords
2 Choose A Strong Password
3 Added Convenience
4 Disable Strong Passwords

About Strong Passwords

One of the most common areas for security failure is unfortunately the human one. We’ve made the decision to require strong passwords for your wp-admin login to help your account and website stay secure.

Strong passwords are only required for Administrator, Editor, and Author roles. It is not required for “weaker” roles, or roles without wp-admin access, like Subscriber and Contributor.

Choose A Strong Password

WP Engine “strong password” criteria favors chains of words, making passwords easy to remember and harder to crack. To create a password that meets our strength requirements, it’s recommended to use a mix of at least four random words along with the following requirements:
EX: starbucksportalmonitorstormtrooper or correcthorsebatterystaple.

This password style might not be very common, but it will be much more difficult for computers to crack. It also allows for your passwords to be memorized easily.
If your password still falls below the required Strong password strength level, you may need to add some special characters or numbers to strengthen it further.

The password strengths meter may seem random, but the “zxcvbn” library is actually recognizing and rejecting common patterns. These patterns include dates, phrases, names, keyboard patterns (EX: 123456789), and even pop culture references, which can weaken passwords.

Added Convenience

Another way to ease password worries is to keep your strong passwords in a password vault. This helps you by auto-filling strong passwords for you, so you don’t have the burden of remembering them.

Software like LastPass and 1Password are written with security in mind. They make saving and recalling unique passwords simple.
To lessen the friction of using a password vault, both pieces of software have browser extensions that auto-fill login forms. These tools make setting a complex password for every site super easy — even ones not hosted with WP Engine.

Disable Strong Passwords

Setting a strong password is a security measure that exists to protect the administrative portion of your site and therefore we will not remove the password requirements.

However, only Administrator, Editor, and Author level users have this requirement. Therefore you can lower a user’s WordPress role to Subscriber or Contributor to remove the restrictions.

If you simply don’t like having to use a strong password or have trouble remembering it, try seamless login! Seamless login securely generates and stores a strong password on your behalf, letting you log in to your wp-admin with just one click from the WP Engine User Portal. Seamless login is totally free to use and can be enabled account-wide for all users on your account in one simple step. Check out seamless login.

NEXT STEP: Learn how to reset your WordPress admin password

Enterprise-grade security and performance for all

Global Edge Security provides a managed web application firewall (WAF), advanced DDOS mitigation, CDN, and automatic SSL installation all powered by Cloudflare.

Get the add-on

Talk to a specialist
Chat with us!