Set the user level on your site (administrators, editors, users, etc.) to have strong passwords. Strong password enforcement is one of the best ways to lock down WordPress.
Your WordPress password must meet the following requirements:
- Use numbers, capital letters, special characters (@, #, *, etc.)
- Be long (10 characters - minimum; 50 characters - ideal)
- May contain spaces and be a passphrase (do not use the same password in multiple places)
- Change passwords every 120 days or 4 months