Password Contains Minimum of 8 Character

Are you asking how to make it “throw” an error with a weak password?

@e_baker

thanks for the reply..my point is how to limit my password minimum of 8 characters..

I know of two places where you need to apply such enforcement. One is the password reset page, which also covers user registrations. For this, use the ‘validate_password_reset’ action. If the password does not comply, use the passed WP_Error object to add an error type and error message using the WP_Error::add() method. Adding an error reloads the reset form with any added error messages displayed.

The other is the profile/user edit admin screen. For this, the ‘check_passwords’ action is available, but it doesn’t have any mechanism to add errors. All you could do is wp_die() with your message. I suggest you use the ‘user_profile_update_errors’ filter instead. With this filter, the WP_Error object is passed and you can add an error as is done with the reset form. The difference here is the password is passed as part of the a user object. This is not a WP_User instance, rather a PHP standard class object. The password submitted is $user->user_pass.

Hi @bcworkz

thanks for the reply., where can i put my code on the function.php??..
can you give me also sample on how to do that??..thanks

• This reply was modified 7 years, 6 months ago by ragnar22.

Anywhere custom code is safe from updates. functions.php will work if it’s from a child theme. I advise you do not change the main theme’s files unless you are confident there will be no updates. A simple custom plugin is another alternative. This plugin can be used for any other custom code.

I’m sorry I don’t have any examples. If you understand how basic action hooks are structured and have a small amount of PHP skills you could likely pull something together. Otherwise you could hire help through places like jobs.wordpress.net or jetpack.pro.

hi @bcworkz

i already found a solution for the problem, i put the code in my function.php is it okey??

I’m pleased you found a solution! In one sense, if it works, it’s OK. The only problem is it might be overwritten when your theme is updated. Whether this risk is real depends on the nature of your theme. You could simply keep reinstating your change after every update, or implement one of the suggestions from my previous post. The one thing you must not do is forgo updates merely to avoid reinstating your change. Updates may include important security patches.

i design my own theme..i think no updates will happen..thanks for the reply..

You’re welcome.

Or when you do “update” (as in revise), you know enough to not obliterate your own code ?? For future reference, when creating topics in these forums, it’s frequently useful for us to know that you’re using your own theme.