Enabling weak passwords for customers ( while creating a new password)

  • Resolved wpadmi

    (@wpadmi)


    1 year, 7 months ago

    Hello, 
    on our website we allow Woocommerce customers to register with weak passwords enabled (with Wordfence setting Login Security Options: Enforce strong passwords -> Force admins and publishers to use strong passwords (recommended)), this setting works fine and our Woo customers can use weak passwords when registering (which is a requirement of our client).

    The problem occurs when the Woo customer does not remember the password and chooses the forgotten password link /wp-login.php?action=lostpassword (when logging in). In the email he receives a link to generate a new password, which is a (default WP) page that does not allow the insertion of a weak password.?

    We would need to select a setting/resolution to allow Woo customers to choose a weak password when generating a new password (as is allowed during registration).

    Thank you for your advice and help to solve this problem.

    Best,

    Jiri.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @wpadmi, thanks for your question.

    Our password strength feature depends on the user’s role, so users with the “Customer” role shouldn’t be affected when resetting passwords as the option is set to force only administrators and publishers to have strong passwords.

    On a test site of ours running WooCommerce, even with Wordfence deactivated, a customer can’t set a weak password, including on the /my-account page. This suggested to us that WooCommerce may have implemented something around password strength. Searching for documentation or settings around it doesn’t seem to be a particularly simple task.

    A JavaScript woocommerce_min_password_strength?hook controls the setting with a default value of 3, with what appears to be a 0-3 strength range: https://stackoverflow.com/questions/60542862/woocommerce-min-password-strength-create-function-deprecation

    I’ve also found some articles highlighting options that don’t appear to show any longer in WooCommerce’s “Account & Privacy” tab, so may be referring to an older WooCommerce version. This is one I found however that may be appropriate for the current plugin: https://avada.io/woocommerce/docs/disable-password-strength.html

    Please let us know if you produce different results with Wordfence disabled.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Enabling weak passwords for customers ( while creating a new password)’ is closed to new replies.