Force Strong Passwords Wordpress Plugin - Rating, Reviews, Demo & Download

Force Strong Passwords Wordpress Plugin - Rating, Reviews, Demo & Download
4 Average out of 4 ratings
Free
Follow for free plugins, new theme releases and theme news

Plugin Description

The WordPress user profile includes a JavaScript-powered indicator as a guide to the strength of a password being entered. However, there is nothing to stop users entering weak passwords. Often, users changing their password to something very weak is the most vulnerable aspect of a WordPress installation.

IMPORTANT: As of WordPress 3.7, the password strength meter is based on the Dropbox “zxcvbn” script. This is a far better check, but extensive and quite a job to port to PHP, which is the way this plugin worked prior to 3.7. For 3.7 and above, this plugin simply passes the results of the client-side zxcvbn check for the server to decide if an error should be thrown. Beware that a tech-savvy user could disable this check in the browser.

Strong passwords are enforced for all users who have any of a specified array of capabilities. The default list is: publish_posts, upload_files, edit_published_posts (see Roles and Capabilities). If the user whose password is being edited holds any of these capabilities, the strong password enforcement will be triggered. To customize this list, use the slt_fsp_caps_check filter (see below).

Development code hosted at GitHub.

Filters

slt_fsp_caps_check (should return an array)
Modifies the array of capabilities that, if any one is held by the user whose password is being edited, the strong password enforcement will be triggered.

To make sure users who can update the core require strong passwords:

add_filter( 'slt_fsp_caps_check', 'my_caps_check' );
function my_caps_check( $caps ) {
    $caps[] = 'update_core';
    return $caps;
}

To trigger the strong password enforcement for all users:

add_filter( 'slt_fsp_caps_check', __return_empty_array() );

slt_fsp_error_message (should return a string)
Modifies the default error message.

slt_fsp_weak_roles (should return an array)
Modifies the array of roles that are considered “weak”, and for which the strong password enforcement is skipped when creating a new user. In this situation, the user object has yet to be created, so there are no capabilities to go by, just the role that has been set on the New Users form. The default array includes: subscriber and contributor.

Screenshots

No screenshots provided


Reviews & Comments