• Resolved Gravel

    (@g22)


    Hi, I’ve updated WP, plugins and theme to the latest version, per the forum rules.

    I’ve been running a lot of WordPress websites and since some updates I just realized the password system is now too strong. Where can I deactivate it to get to a simpler password which is still strong?

    I got hundreds of emails since the start of the week about users complaining how frustrating the password system is.

    Please help me resolve this ASAP; it impacts my business directly.

    Thanks.

    https://www.ads-software.com/plugins/woocommerce/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Caleb Burks

    (@icaleb)

    Automattic Happiness Engineer

    Hi Gravel,

    In a recent WooCommerce update, the password strength check no longer prevents users from checking out. Meaning they can still complete an order with a weak password.

    If you would like to disable the password check though, you can do so with the code mentioned in this article: https://nicolamustone.com/2016/01/27/remove-the-password-strength-meter-on-the-checkout-page/

    As for the password check being “too strong”, that isn’t really true. If you do some research on how passwords are hacked, you might have a different feeling towards forcing strong passwords – https://howsecureismypassword.net/

    Thread Starter Gravel

    (@g22)

    I’ve removed it with :

    function wc_ninja_remove_password_strength() {
    	if ( wp_script_is( 'wc-password-strength-meter', 'enqueued' ) ) {
    		wp_dequeue_script( 'wc-password-strength-meter' );
    	}
    }
    add_action( 'wp_print_scripts', 'wc_ninja_remove_password_strength', 100 );

    It’s a bad thing the system is too strong. Removing it is indeed a security flaw but my business has crashed since the users aren’t registering anymore because the password is too complicated.

    It’s not only at the checkout, I’m using the Dokan plugin, which is a multi-vendor platform, and the vendors are setting up their accounts beforehand.

    Woocommerce should revise this.

    Thanks.

    Plugin Contributor Mike Jolley

    (@mikejolley)

    It’s a bad thing the system is too strong. Removing it is indeed a security flaw but my business has crashed since the users aren’t registering anymore because the password is too complicated.

    What if you had a token-based gateway and someone got into a poorly protected account and started buying stuff? I think your business would crash then!

    You can lower the strength via filters, but the guides/hints we added should be enough for users to figure out how to generate a strong password?

    Thread Starter Gravel

    (@g22)

    Hi Mike,

    Thanks for getting into this. First, thank you for WooCommerce, which is awesome btw.

    What if you had a token-based gateway and someone got into a poorly protected account and started buying stuff? I think your business would crash then!

    About this statement: actually, the only accepted payment methods are PayPal and Stripe. So tell me if I’m misunderstanding something, but in the case a hacker gets into an account and starts buying stuff, they would need to log in to their PayPal or Stripe and buy the stuff.

    I don’t understand where they’ll steal something; I don’t understand the point of getting into an account as I’m not keeping any personal payment data.

    As for the filters, could you give me code with a custom filter I could add to my child theme? I think I’m not alone with this thing and that it could serve more people in the near future.

    Thanks!

    Plugin Contributor Mike Jolley

    (@mikejolley)

    they would need to log in to their PayPal or Stripe and buy the stuff.

    Stripe has tokens, so not if there is a saved card. They cannot see the card details or anything, just purchase from your store.

    Filter here https://github.com/woothemes/woocommerce/blob/a91a1e6e47f1c4e5ddb67fb6a2e79742cfd55e96/includes/class-wc-frontend-scripts.php#L343

    Thread Starter Gravel

    (@g22)

    'min_password_strength' => apply_filters( 'woocommerce_min_password_strength', 3 ),

    Thank you for your reply. Is the number 3 the level of strength?

    Is 0 the lowest level and 5 the highest?

    Do I just copy this page to my child theme and woocommerce plugin will see it?

    Thanks, your help is appreciated!

    Plugin Contributor Mike Jolley

    (@mikejolley)

    Lower is weaker.

    add_filter( 'woocommerce_min_password_strength', 'uh_oh_weakpasswords' );

    // Lower the minimum required strength from the default of 3 to 1 (lower is weaker).
    function uh_oh_weakpasswords() {
    	return 1;
    }

    Thread Starter Gravel

    (@g22)

    Hi Mike, I’ve added this to my functions.php file in the child theme.

    It looks more permissive now, thank you!

    Plugin Contributor Mike Jolley

    (@mikejolley)

    @karmatiger FYI the strength system is core WordPress. Plus there are snippets and plugins to lower strength or disable it… Plus the checkout does not even enforce the strength – you can still place order.

    So do some research of your own before throwing insults around.

    Plugin Contributor Mike Jolley

    (@mikejolley)

    “Taking credit” seriously… I already pointed out, there are multiple solutions to customise the system if you want to. If you want to lower security on your store, go right ahead.

    https://nicola.blog/2016/01/27/remove-the-password-strength-meter-on-the-checkout-page/ for one example of many. A few lines.

    Even a plugin if you search or are too lazy to use the code example https://en-gb.www.ads-software.com/plugins/password-strength-for-woocommerce/

    Looking at your forum history, I think a change in your attitude is in order. This community owes you nothing, and you have no right to attack myself or its members.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Side note:

    @karmatiger I’ve deleted your personal attacks and your account is now on moderation watch. I’m also going to review your other posts and those will be moderated appropriately.

    https://codex.www.ads-software.com/Forum_Welcome#Being_.27Mod_Watched.27_or_Banned

    It’s fine to reasonably disagree with people but you’re just attacking Mike and it’s pointless. If you have a problem that you need help with then please keep it respectful.

    Now as this is an 8-month-old topic I’m closing this down.

  • The topic ‘Password System is too Strong’ is closed to new replies.