Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Add a Simple User Password Generator in WordPress

Many users choose simple passwords just for convenience. Unfortunately, these weak passwords can be easily guessed by hackers, putting your site at risk for unauthorized access and data breaches.

Strong passwords are essential for protecting your WordPress website. As we have helped users improve their WordPress security over the years, we have found you can encourage the use of strong passwords by adding a password generator to your WordPress site.

In this article, we will show you how to easily add a user-friendly password generator to your WordPress site to significantly improve your online security.

Adding a password generator in WordPress

Why Use a Stronger Password Generator in WordPress?

By default, WordPress allows you to choose a password for your user account, but it doesn’t require that the password be secure.

The built-in random password generator appears during WordPress installation, on the user registration page, and on the user profile page.

By clicking on the ‘Generate Password’ button, users can generate a new, strong password.

Similarly, when changing a password by editing their user profile, users can click on the ‘Set New Password’ button to generate unlimited combinations of unique, strong passwords.

Generating strong passwords in WordPress

However, you will notice that WordPress allows you to skip the password strength check.

The user simply needs to check the ‘Confirm use of weak password’ option.

Strong password can be escaped

Similarly, any new users registering on your WordPress website can also escape the strong password requirement by checking this option on the user registration page.

If you run a membership site or eCommerce store where many users have accounts, then this can seriously affect the security of your WordPress site.

Generate password for new user registration

That being said, let’s take a look at how to easily enforce secure passwords and require users to use the strong password generator instead. We will cover how to do this with the default WordPress user registration and login forms, along with custom forms:

Method 1: Enforce Strong Password Generator in WordPress

First, you need to install and activate the Password Policy Manager for WordPress plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, you need to visit the Password Policies page in the WordPress admin area and click on the ‘Enable Password Policies’ check box.

Set up password policy for all users

After that, you can set a site-wide password policy for all users. You can choose minimum password strength, enforce special characters and number usage, expire passwords after a period of time, and more.

Below that, you can set additional advanced options for password security.

For instance, you can automatically reset passwords for inactive users, prevent users from reusing old passwords, or disallow users from resetting passwords on their own.

Advanced password security options

The plugin also allows you to limit login attempts to prevent brute force attacks.

You can choose the number of login attempts a user can make, after which their account will be locked, and login will be disabled for 24 hours.

Block login attempts

You can also set a lock duration, after which the accounts will be automatically unlocked. Alternatively, you can choose to manually unlock accounts by an administrator only.

Set Password Policies Depending on User Roles

The plugin also allows you to set different password policies based on user roles.

For instance, you can set different password requirements and security settings for authors, subscribers, customers, or members on your membership website.

Set password policy for user roles

Seeing the Password Generator in Action

The plugin will now automatically display a strong password generator on the registration, profile, and password change screens in WordPress.

Password enforcement in WordPress

It also removes the checkbox that allows the use of weak passwords.

This will prevent users from setting weaker passwords or bypassing your password policy.

Password policy enforced

Method 2: Enforce Strong Passwords in Custom User Registration and Login Forms

The password policy method above works well for default WordPress user registration and password reset forms.

However, if you are using a custom user registration and password reset form, then users may still find ways around your stronger password requirements.

One easy way to enforce strong passwords is by using WPForms. It is the best WordPress form builder plugin and allows you to easily create any kind of form, including custom user registration and login page forms.

First, you need to install and activate the WPForms plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Note: You’ll need at least the Pro plan to access the User Registration addon.

Upon activation, you need to visit the WPForms » Settings page to enter your license key. You can find this information in your account on the WPForms website.

Enter WPForms license key

After that, you need to visit the WPForms » Addons page,

Then, click on the ‘Install Addon’ button under ‘User Registration Addon’.

User registration addon

You are now ready to create your custom user registration and login forms.

Simply head over to the WPForms » Add New page. First, you need to provide a title for your form and then choose the user registration form template.

User regisration form template

This will load the form builder, where you can edit form fields.

Simply click on the ‘Password’ field to edit and turn on the ‘Enable Password Strength’ switch. Below that, you can choose the minimum password strength and set it to ‘Strong’.

Require strong password

You can now save your form and exit the form builder.

WPForms makes it super easy to add your forms anywhere on your website. Simply edit the post or page where you want to display your custom user registration form and add the WPForms block to your content area.

Add WPForms block

After that, you need to select your custom user registration form under the block settings.

WPForms will then load a live preview of your form inside the editor.

Select custom user registration form

You can now save and publish your post or page and preview your custom user registration form.

You will notice that as users fill in the password field, they will be asked to use a stronger password. The form will not be submitted with a weaker password.

Strong password required error

Expert Guides on WordPress Password Security

We hope this article helped you learn how to use the simple user password generator in WordPress to enforce stronger passwords on your WordPress website. You may also want to see some other step-by-step guides related to password security:

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

6 CommentsLeave a Reply

  1. Jiří Vaněk

    I have a multi-user website, and password management is crucial for me. We all know that many users tend to choose weak passwords just so they can remember them more easily, which can make it very easy for someone to hack into their accounts. This could be a great solution to strengthen security on a multi-user website and force users to use stronger passwords. After all, website security is the most important aspect of the entire ecosystem. Thanks for the great tip; I’m excited to implement it right away.

  2. kzain

    I’ve been looking for a way to improve password security on my site. Adding a password generator is a smart move. I’m definitely going to try out one of these methods. Thanks for sharing!

  3. Dayo Olobayo

    Requesting for strong passwords can be a bit of a pain for users but it’s definitely worth it for the added security. This plugin seems like a great way to strike a balance. Thank you.

  4. forough

    Thanks alot. i have installed User-pro plugin on my site that created by wordpress, all of things are work correctly but i wanna userpro generate auto password when any user register with it in my site. how can i solve this problem? it’s very important for me. please help me…

    • rob

      i too have userpro plugin and, have you found a solution, what would be another alternative is upon activation make them change the password – and autogenerate it

  5. Frithjof

    I like to use Lastpass. One less plugin and all my passwords are handy on my desktop and phone.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.