There is an action https://developer.wordpress.org/reference/hooks/check_passwords/ which can be used to add your checking code.
You could save your ‘strength indicator’ by adding it to $_POST and then re-accessing it when the user data is saved. Actions for that are https://codex.wordpress.org/Plugin_API/Action_Reference/user_register and https://codex.wordpress.org/Plugin_API/Action_Reference/profile_update.
These actions are listed on https://codex.wordpress.org/Plugin_API/Action_Reference. Alternatively when looking for an action or filter to suit your coding needs, one can always look in the code. Either scroll through or do search in files for ‘do_action’ and ‘apply_filters’ and you’ll see what’s available and when it’s called.
Interestingly WP has a ‘pw_weak’ checkbox that on a global search does not appear to get processed anywhere, but if they’ve ticked it, it should be in the $_POST variable. ON user_register or profile_update, you could possibly check that and use that as your weak/strong indicator?
This works:
function store_weak ($user_id) {
if ( isset( $_POST['pw_weak'] ) )
update_user_meta($user_id, 'password_strength', 'weak');
else
update_user_meta($user_id, 'password_strength', 'strong');
}
add_action ('profile_update', 'store_weak', 10 ,1 );
add_action ('user_register', 'store_weak', 10 ,1 );
This also works:
function check_strength () {
$_POST['strength_level'] = 'medium'; // or whatever
}
function store_weak ($user_id) {
if ( isset( $_POST['strength_level'] ) ) {
update_user_meta($user_id, 'strength_level', sanitize_text_field($_POST['strength_level']));
}
}
add_action ('check_passwords', 'check_strength', 10 ,1 );'