Minimum password strength

Hi @boabo

I hope you’re well today and thank you for pointing this out.

We are actually dealing with two issues here:

1. the message itself which doesn’t give a clear indication of what are the requirements – regardless of the setting it’s always the same.

We are aware of this and it’s already on a “to do” list for the plugin to be improved in future, so based on chosen setting the message would change to match and explain selected requirements type.

2.the password “strength” itself

This is indeed 8 or more characters and at least one symbol in it; the settings can only make it “more complex” rather than less.

It may be possible to overcome this with a bit of custom code but I’m not entirely sure yet. I have already asked our Forminator Team about it so if it’s doable, developers will provide code and we’ll share solution with you here soon (though I would appreciate some patience as they are dealing with a lot of complex tasks on daily basis and their response time may be slightly longer than ours).

Kind regards,
Adam

Hi @boabo,

Can you please try adding the following code snippet using a mu-plugin and check if that helps?

<?php
add_action( 'wp_footer', 'wpmudev_password_field_custom_validate', 9999 );
function wpmudev_password_field_custom_validate() {
	global $post;
    if ( is_a( $post, 'WP_Post' ) && !has_shortcode( $post->post_content, 'forminator_form' ) ) {
        return;
    }
	?>
	<script type="text/javascript">
	jQuery( document ).ready( function($){
		setTimeout(function() {
			$('.forminator-custom-form').trigger('after.load.forminator');
		},100);

		$(document).on('after.load.forminator', function(event, form_id) {
			$.validator.addMethod("strongPassword", function (value, element) {
				return /^[A-Za-z0-9\d=!\-@._*]*$/.test(value) // consists of only these
                && /[a-z]/.test(value) // has a lowercase letter
                && /\d/.test(value); // has a digit
			},"The password must contain at least 1 number, at least 1 lower case letter, and at least 1 upper case letter.");
			$( "#forminator-module-113 #password-1 input" ).attr( "strongPassword", "strongPassword" );
		});
	});
	</script>
	<?php
}

Note: Kindly replace the form ID (113) that is present in the above code with your own form ID.

I hope the following documentation comes in handy: https://www.ads-software.com/documentation/article/must-use-plugins/

I hope that helps.

Kind Regards,
Nebu John

I see, i had to test site online (it was not working on wp/forminator/form/preview).

After testing your php snippet, i got your message The password must contain at least 1 number, at least 1 lower case letter, and at least 1 upper case letter.

Now, it’s not telling that there must be 8 characters and more. And if you test with only 4 lower case letters or set password to short, bad, strong, etc same message displays. Please note that in the current model, i also found that the minimum characters was not 8 but 9 (8 characters + 1 symbol).

So, assuming you decided to keep only 1 strength (strong password), message could be Please use at least 8 characters with 1 number, 1 lower case and 1 upper case. The shorter, the better.

Hi @boabo

I hope you are doing well.

In case you want to validate different rules and append different warnings you would need to test multiple regex, but it is not really user friendly because your customer would fix one issue then you may return another error, so it is better for your customer to know right away what is the expected password.

Best Regards
Patrick Freitas