Enforce Password Complexity
WARNING: Enabling this setting can block users from saving profile changes or completing password resets if their passwords do not meet the configured rules. Verify that support staff and administrators are ready to handle password reset requests before turning it on.
Description of the control
This control appears in the Authentication & Accounts page under Password Policy as Enforce Password Complexity. Its description states that it requires strong passwords whenever a user updates credentials or resets a password.
Use this setting when the site should enforce password complexity rules during password changes. The card also notes that the detailed rule settings only apply when the enforcement toggle is enabled.
Procedure
- In WordPress admin, open Posture Management.
- Select Authentication & Accounts.
- In the Password Policy card, locate Enforce Password Complexity.
- Turn on the Enable toggle.
- Click on “Show advanced complexity controls”
- Review the complexity controls to ensure they meet your needs.
- In the Password Policy card, locate “Show password requirements indicators”
- Turn on the Toggle
- Now the users will see the requirements and check them as the user meets them.
- Click Save Authentication Settings.
Validation
After saving, reload Posture Management -> Authentication & Accounts and confirm the Enable toggle remains on for Enforce Password Complexity.
Test a password update or password reset with a password that does not meet the configured rules and confirm the change is rejected.