Force Password Update Wordpress Plugin

Dear Website Owner,

You hear it every day. Another site has been hacked. Twitter, Zendesk, even new outlets fall victim every single day.

What you don't hear about - unless you're in the security biz - are the hundreds or even thousands of WordPress sites that are hacked every month. The damage can range from mildly irritating to catastrophic.

It's not really the fault of WordPress, or even that of your host. The fact is, armies of malicious hacker bots are out there even as you read this, repeatedly trying to log into unprotected sites - even yours.

And the number one cause? Weak or outdated passwords.

You ARE Being Careful With Your Passwords, Right?

Hopefully you're not making any of the most common password mistakes - the kind that might result in your site being hacked. Hopefully, you use a password manager and choose random, unreadable passwords, and you change them often.

That's just good common sense, whether for your site or someone else's.

But that's not what your users are doing. They're using...

• Reused and recycled passwords: If your member uses the same password for her Twitter account as she does for your site, and Twitter gets hacked - you are at risk.
• Commonly used passwords: If your member uses any of the hundreds of most commonly used passwords (and you'd be shocked at how many do) - you are at risk.
• Easy-to-guess passwords: If your member uses words found in the dictionary - you are at risk.
• Well-known letter/number swaps: If your user tries to be clever by simply disguising letters as numbers - you are at risk.

Now, obviously, none of these members are actively trying to cause your site to be hacked. They simply don't know the risks. And why should they?

It's not as if they're entering their banking data, or sharing other confidential information with your site. Maybe they're just logging in to leave a comment or watch a training video. As far as they are concerned, security is simply not necessary.

WordPress is NO Help!

WordPress is aware of the risks. They know that weak, recycled, and common passwords represent one of the biggest threats to websites today, but unfortunately, they simply do not have a system in place to prevent it from happening.

Users are allowed to use any password they like, or any length, and change it (or not) any time they want. Further, WordPress will helpfully send the password to new users by email.

Of course, you can ask your subscribers, contributors, and editors to use good passwords and to change them often, but there's no way to enforce that - until now.

Regular Password Updates Help Protect Your Site From Hackers

The only question is, how can you get your users to comply?

The answer: a simple little plugin that does all the heavy lifting for you.

Introducing Force Password Update, a fully configurable plugin that helps keep your site secure.

Which users will Force Password Update work for? All of them, including...

• Administrators: You, your virtual assistant, your web designer - anyone who has complete access to your site.
• Editors: Anyone who can publish blog posts or pages on your site.
• Authors and Contributors: Anyone who writes for your site.
• Subscribers: Anyone - including commentors on some sites - who must log in to access certain features of your site.

All of these user groups can potentially compromise your site if users are not regularly updating their passwords.

Using Force Password Update ensures that every user from administrators on down is required to keep his or her password fresh. Best of all, it's a true set it and forget it system for you. Once you install it, the plugin does all the work.

How Force Password Update Works

You could - if you have a lot of free time on your hands - ask all your users to regularly change their passwords. You could even do it for them, thereby forcing them to update when they can no longer log in.

And if you only have a couple of users and an infallible memory, that might work for you.

But for the rest of us, an automated solution is best. With this plugin, that's exactly what you get. It offers...

• Easy installation - simply upload the file to your site and activate
• Simple configuration screen - gives you total control over the user experience
• The ability to set your own expiration period based on the level of risk you feel is acceptable
• Customizable message to users when you first install the plugin - so they're not confused by the sudden change
• Customizable message to users when they are forced to update their password - so they know exactly why they're being asked to update
• The option to give administrators a pass by not forcing them to update
• An additional field in the user profile so you can tell at a glance how old your users' passwords really are
• Multi-site license - use it on every site you own.

And nothing more for you to do - ever. Because once you install and activate this plugin, your users will be automatically prompted to update their passwords on the schedule that YOU control.

It continues to work quietly in the background, helping to keep your site secure, for as long as you leave it activated.

Best of all, users won't be inconvenienced at all, since the plugin uses WordPress's built-in password update system. They won't have to fiddle around waiting for your help desk to respond. All they have to do is check their email - everything happens automatically.