plugin development - What are the default WordPress password requirements?


My users have the ability to change their password from a plugin admin screen. I want to make sure the password they create meets whatever the minimum requirements are. I'm not trying to change the password requirements. I just want to know what the default requirements are. Is there a function I can use to get the default requirements?


asked Feb 8, 2020 at 18:58 by Kirkland

2 Answers

The minimum requirements are that it passes the zxcvbn library's strength check. I can't see a simple summary of their rules. This is registered as script 'zxcvbn-async' that you can enqueue / make a dependency of your own scripts, and then you can run the check yourself on the client-side. See password-strength-meter and user-profile.js's multiple cases for zxcvbn being not-yet-loaded.

Nowadays WordPress encourages you to use randomly generated passwords:

  • new user registrations always have a randomly generated password
  • to change your password in the admin site you click 'generate password' to get a new random one; it does give you the chance to override it but will disable the 'Update profile' button on the page until your password has passed a zxcvbn check.

This is only enforced on the client-side though; there's no server-side enforcement as far as I can see. user.php does have a check_passwords action but isn't passed $errors to raise weak password errors itself; you'd have to remember the error and add it in user_profile_update_errors later. But there isn't anything like that in a default WordPress install.
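A server-side check along the lines the answer above describes, as an added example that is not part of either answer or of WordPress core: it hooks user_profile_update_errors to reject a submitted password. The myplugin_ names and the policy itself (12-character minimum, no username or e-mail name inside the password) are assumptions, since WordPress defines no server-side rules.

```php
<?php
// Added example, not WordPress core code. The myplugin_ names are hypothetical
// and the policy (12+ characters, no login/e-mail name) is an assumption.

/** Return the list of policy violations; an empty array means acceptable. */
function myplugin_password_problems( string $password, string $login, string $email ): array {
	$problems = array();
	$length   = function_exists( 'mb_strlen' ) ? mb_strlen( $password ) : strlen( $password );
	if ( $length < 12 ) {
		$problems['too_short'] = 'Password must be at least 12 characters long.';
	}
	// Reject passwords built around the account's own identifiers.
	$local_part = strstr( $email, '@', true ); // false when there is no "@"
	foreach ( array( $login, (string) $local_part ) as $identifier ) {
		if ( strlen( $identifier ) >= 3 && false !== stripos( $password, $identifier ) ) {
			$problems['contains_identifier'] = 'Password must not contain your username or e-mail name.';
		}
	}
	return $problems;
}

/** Callback for user_profile_update_errors: ( WP_Error $errors, bool $update, stdClass $user ). */
function myplugin_enforce_password_policy( $errors, $update, $user ) {
	// user_pass is only present when the profile form submitted a new password.
	if ( empty( $user->user_pass ) ) {
		return;
	}
	$problems = myplugin_password_problems(
		wp_unslash( $user->user_pass ), // request data reaches this hook slashed
		isset( $user->user_login ) ? $user->user_login : '',
		isset( $user->user_email ) ? $user->user_email : ''
	);
	foreach ( $problems as $code => $message ) {
		$errors->add( 'myplugin_' . $code, $message, array( 'form-field' => 'pass1' ) );
	}
}

// Register only inside WordPress, so the policy function can also be loaded on its own.
if ( function_exists( 'add_action' ) ) {
	add_action( 'user_profile_update_errors', 'myplugin_enforce_password_policy', 10, 3 );
}
```

A plugin screen that changes passwords itself can call myplugin_password_problems() on the submitted value before passing it to wp_set_password().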

Surprisingly, for plugin development, the correct answer is none.

From the set password documentation:

wp_set_password( string $password, int $user_id )

Updates the user’s password with a new encrypted one.

If you think about security, try going with the wp_generate_password function.

EDIT: I have found an article on how to add a password strength meter to WordPress, which most probably describes what you want to achieve. Take a look at it.
