I’ve just released a new little plugin: Force Strong Passwords.
The code has been part of my custom themes for a while, and I realized it should be a plugin as I’ve been preparing my talk for this weekend’s WordCamp (eek!). Anyway, the basic idea is that it enforces the password strength indicated by the little meter on the WordPress user edit screen. It only forces strong passwords for users who can do stuff, i.e. change the live site in some way.
There’s all sorts of scope for options, etc., but this has been serving me well for a while. All in good time. For now, it’s an easy way to combat one of the largest vulnerabilities in client sites: people who use weak passwords.