Password Policy Settings Overview
The Password Policy controls how strong user passwords must be across your AnmarBookings installation. This includes minimum length, character requirements, overall strength, and copy/paste rules.
As a platform owner, these rules apply to all accounts on the system: admins, vendors, staff, and customers—whether you’re running a single business or a full multivendor marketplace.
This article explains each option and offers practical recommendations for balancing security and usability.
1. Accessing Password Policy Settings
To open the Password Policy panel:
- Log into the WordPress Admin Dashboard.
- Navigate to Administration → General → Password Settings (or similarly named section if you’ve customised labels).
- Use the left sidebar to move between Page Settings, Booking Settings, Plan Settings, Password Settings, and Placeholder Images.
Only platform administrators should update the password policy.
2. Minimum Password Length
Use the Minimum Length slider and the numeric field to specify the minimum number of characters required in a password (e.g., 8).
Recommendations
- Minimum 8–10 characters for general platforms.
- 12+ characters if your platform manages sensitive or financial data.
A higher minimum length greatly improves security, especially on large marketplaces with many vendor accounts.
3. Character Requirements
The Character Requirements toggles let you specify which types of characters a valid password must include:
- Lowercase letters (a–z)
- Uppercase letters (A–Z)
- Number (0–9)
- Symbol (e.g., ! @ # $ %)
When a toggle is enabled, passwords must contain at least one character of that type.
Multivendor vs Single Vendor Guidance
- Multivendor marketplace: Enable all four types (lowercase, uppercase, number, symbol) for stronger protection, since you may host many vendors and staff accounts.
- Single vendor business: You can optionally allow simpler rules (e.g., numbers and lowercase only) if your user base is small and internal—but stronger policies are still recommended.
4. Minimum Strength Slider
The Minimum Strength slider defines how strong a password must be overall, based on an internal strength estimator. The scale typically includes:
- Weak
- Fair
- Good
- Strong
- Strong+
A marker such as “Good required” is often recommended for most platforms.
Suggested Settings
- Multivendor marketplace: Set minimum strength to at least Good or Strong.
- Single vendor business: Good is usually a practical balance between security and user experience.
5. Copy & Paste Rules
The Copy & Paste Rules control how users can use copy/paste with password fields:
- Allow paste into New password
- Allow paste into Confirm password
- Allow copying from password fields
Disabling paste in the confirm field encourages users to retype their password, which can help catch clipboard or autofill mistakes.
Security vs Convenience
- Security-focused stance: Disable paste in the confirm field but allow paste in the new password field so password managers still work.
- Usability-focused stance: Allow paste in both fields to better support password managers and reduce friction for non-technical users.
On large marketplaces, supporting password managers (by allowing paste into at least one field) reduces support tickets and improves account security overall.
6. Best Practices
- Combine a minimum length of 10+ with all four character types for strong, modern security.
- Encourage or support password manager usage, especially for vendors and staff.
- Use the “Reset to Recommended” option if you want to revert to a safe baseline policy.
- Communicate password rules clearly on registration and reset forms.
Need more help? Visit the AnmarBookings Documentation Hub for additional security and onboarding guidance.
Article last updated: November 2025