How does Wordfence define a strong password?

  • Resolved oceu

    (@oceu)


    2 years, 7 months ago

    Hi,

    How does Wordfence define a strong password?

    From Wordfence documentation:

    Wordfence checks that the password is a minimum length and that it doesn’t match any known obvious passwords. It then uses a point system to allocate points based on things like whether it contains a number, if it has upper and lower case letters, and special characters. If the point score does not exceed a required level, then it will reject the password the user entered.

    But what does Wordfence consider to be “minimum length”, which list of “obvious passwords” is used, what is the required points level?

    I could not immediately find that information in the documentation or on the forum

    Thanks,

    • This topic was modified 2 years, 7 months ago by oceu.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @oceu, thanks for getting in touch.

    Our password strength check was updated in the 28th July Wordfence plugin update and I have logged a case based on your request to detail the specific requirements in our documentation. This will be actioned, but in the mean time passwords should:

    • Be at least 12 characters.
    • Contain at least one of each: uppercase letters, lowercase letters, numbers, symbols.
    • Not repeat a character 3 or more times.
    • Not use an ordered numeric sequence of more than 2 characters (i.e. 123 or 321).
    • Not use an ordered or patterned sequence of adjacent characters of more than 3 characters (i.e. abcd, abab).

    Thanks,

    Peter.

    Thread Starter oceu

    (@oceu)

    Thanks for the info

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How does Wordfence define a strong password?’ is closed to new replies.