How to set custom validation for WordPress Passwords?

By Using following hook, you can customize your login page and password validations with ajax or PHP.

add_action( 'login_form', 'myplugin_add_login_fields' );

function myplugin_add_login_fields() {

    //Get and set any values already sent
    $user_extra = ( isset( $_POST['user_extra'] ) ) ? $_POST['user_extra'] : '';
    ?>

    <p>
        <label for="user_extra"><?php _e('Extra Field','mydomain') ?><br />
            <input type="text" name="user_extra" id="user_extra" class="input" value="<?php echo esc_attr(stripslashes($user_extra)); ?>" size="25" /></label>
    </p>

    <?php
}

Let me know, I case of any issues.

Related Posts:

  1. Where to securely store API keys and passwords in WordPress?
  2. Why are passwords exportable as plain text in WordPress?
  3. How is password strength calculated?
  4. Make password invalid once logged out of password-protected page
  5. Can’t reset WordPress password
  6. Is the “lost password” feature truly a vulnerability?
  7. Frontend Password change
  8. Is it possible to reduce the minimum character length for passwords?
  9. Is there any point setting the keys and salts in wp-config.php?
  10. When is wp_set_password() called or how to capture a password
  11. Moving away from MD5: Where to declare the custom global $wp_hasher?
  12. How to get WordPress to send Password Reset Link Email instead of New Password?
  13. Basic password protection without using users and roles
  14. How can I force a specific password?
  15. Can a WordPress administrator see other users’ passwords?
  16. After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
  17. Password-protect feed and make it usable in major aggregators
  18. Could a user account with a stolen password compromised entire WP site?
  19. Is my WP site being hacked?
  20. How to get real password (before encrypt) when register a user?
  21. Directory to store secure file
  22. Can you alter the default wordpress strong password requirements?
  23. what is a auth_user_file.txt?
  24. Is moving wp-config outside the web root really beneficial?
  25. Best way to eliminate xmlrpc.php?
  26. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  27. Should I remove install.php and install-helper.php?
  28. How do I technically prove that WordPress is secure?
  29. Which KSES should be used and when?
  30. Disable comment windows for all existing posts (pages/blogposts)
  31. Generate WordPress salt
  32. Vanilla WordPress install, what can/should I put in disable_functions?
  33. Stop wordpress automatically escaping $_POST data
  34. Secure my “add_settings_field” translation?
  35. how can i embed wordpress backend in iframe
  36. Handling nonces for actions from guests to logged-in users
  37. WordPress Logout Only If User Click Logout or If User Delete Browser History
  38. Can I force a password change?
  39. wp_insert_post disable HTML filter
  40. What is pclzip.lib.php file that wordfence think it’s a malicious code
  41. How to disable XML-RPC from Linux command-line in a total way?
  42. How to remove javascript malware in wordpress site [closed]
  43. Completely remove the author url
  44. Securing my WordPress Files and Directories
  45. Restricting access to content
  46. About WordPress site security
  47. Single sign-on: wp_authenticate_user vs wp_authenticate
  48. How to allow internal links using wp_kses filtration
  49. How does Cross Site Scripting (XSS) work exactly? [closed]
  50. Password protect a specific category page/post
  51. How does the “authentication unique keys and salts” feature work?
  52. vs WordPress Security
  53. esc_html__ security : what for in this example?
  54. Preventing BFA in WordPress without using a plugin
  55. wp-config.php being written by attacker
  56. XML-RPC errors they know my username?
  57. Is [admin / admin] acceptable for all local websites?
  58. Simple Online Payment for Event Registration [closed]
  59. What may be causing failure of auto-install features in WordPress (v3.0.3)?
  60. Client side HTTP parameter pollution (reflected)
  61. Local file inclusion critical security issue [closed]
  62. Malware script in database post table only? [closed]
  63. Best practices to assert current_user_can() with guests
  64. Force to use STRONG users password and implement rule to prevent REUSE [closed]
  65. How do I protect user_activation_key?
  66. XMLRPC slow and weird websites/services
  67. Is it safe to hand over the admin rights?
  68. How to find exploited wordpress plugin [closed]
  69. How I can open back door for myself?
  70. Specific way to allow WordPress users to view their current password? And edit it?
  71. Who updates the wp-admin/core file?
  72. How WordPress sanitizes post content on save? Or it doesn’t?
  73. Does this code indicate an exploit?
  74. Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
  75. How to prevent to direct access of my custom plugin folder/files
  76. RESTRICT EDIT of PHP files?
  77. wp-content – permissions for files/folders created by apache
  78. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  79. Monitor wordpress all external calls
  80. HSTS header not being added correctly
  81. how to protect wordpress content from crawler
  82. Is it okay to use an ACF field to store a password for a protected area of a page?
  83. Can WordPress admin user + database credentials be used to gain Cpanel or FTP access?
  84. Should I worry about SQL injection when using REST API?
  85. Links to root domain from search engines don’t work, but direct links and links from other referrers do
  86. How can I backup my site if it gets hacked?
  87. Standard Method for Securing a WordPress Site
  88. Secure Multiple WordPress Installations on shared hosting
  89. Able to go to WordPress admin even after deleting auth cookies from request headers
  90. Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
  91. Secure a WordPress website in 2019: one plugin or a combinations of them?
  92. What are the different types of firewall protections available for a WordPress website?
  93. Run a security scan on WordPress site that has .htaccess password [closed]
  94. Is this a WordPress security bug?
  95. Competitor is somehow accessing MetaData on a hidden WordPress site
  96. WordPress Hacks/Defacing [closed]
  97. How do you search for backdoors from the previous IT person?
  98. Possible to change email address in keypair?
  99. Is wp-cron.php vulnerable to external attacks and how to protect it?
  100. How to address security vulnerabilities: LUCKY13, BEAST, and BREACH