Feature request: enforce password strength

  • Resolved Antipole

    (@antipole)


    3 years, 10 months ago

    Love the plugin – thank you.

    As you say, weak passwords are a major vulnerability.
    In the backend user profile, WP now shows a password strength indicator but allows the user to override and set a weak password. Stopping this is relatively simple by removing the override with this

    add_action( 'admin_enqueue_scripts', 'minimum_password_strength' );
/**
 * Hiding the "Confirm use of weak password" checkbox from view.
 */
function minimum_password_strength() {
	wp_add_inline_style( 'admin-menu', '.pw-weak {display: none !important;}'     );
}

    However, that does not stop a user setting a weak password via a reset password link, as the override still shows up there if you enter a simple password.

    Further, with BuddyPress you can reset the password in the user’s profile settings and there there is no minimum requirement and not even a requirement to override to allow a weak password.

    There are other plugins to address some of these, such as iThemes Security, but none that address all of these concerns. Besides, they overlap with AIOWPS and might cause conflicts.

    I would love it if AIOWPS addressed this with your usual quality! It would certainly prompt a donation from me – if I could find how to donate on your donation link :#)

    Using AIOWPS v4.4.6

Viewing 1 replies (of 1 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for reaching out to us. I have submitted a message to the developers to investigate further your request.

    Kind regards

Viewing 1 replies (of 1 total)
  • The topic ‘Feature request: enforce password strength’ is closed to new replies.