What are the default WordPress password requirements?

The minimum requirements are that it passes the zxcvbn library’s strength check. I can’t see a simple summary of their rules. This is registered as script ‘zxcvbn-async’ that you can enqueue / make a dependency of your own scripts, and then you can run the check yourself on the client-side. See password-strength-meter and user-profile.js‘s multiple cases for zxcvbn being not-yet-loaded.

Nowadays WordPress encourages you to use randomly generated passwords

  • new user registrations always have a randomly generated password
  • to change your password in the admin site you click ‘generate password’ to get a new random one; it does give you the chance to override it but will disable the ‘Update profile’ button on the page until your password has passed a zxcvbn check.

This is only enforced on the client-side though; there’s no server-side enforcement as far as I can see. user.php does have a check_passwords action but isn’t passed $errors to raise weak password errors itself; you’d have to remember the error and add it in user_profile_update_errors later. But there isn’t anything like that in a default WordPress install.

Related Posts:

  1. Problems after wp_set_password() containing an apostrophe
  2. How to use wp_set_password in a plugin?
  3. WordPress password reset – why post rp_key?
  4. wp_insert_user() function password never match
  5. Add Password Generator on password protected page
  6. How to get all product in the woo-commerce? [closed]
  7. How can I save a password securely as a settings field
  8. Using password protection to load different page elements?
  9. WordPress Reset password Strength set to medium
  10. Use content filter on the post that is password-protected
  11. Send retrieve password notification email with custom HTML email template
  12. How to include wp-load.php from any location?
  13. Correct way to enqueue jquery-ui
  14. How to echo the_excerpt without the P tag wrapper?
  15. How can I update a wordpress plugin from a Git repository (github)
  16. Is There a Plugin Life Cycle Documentation?
  17. What is an alternative method to the WordPress private _doing_it_wrong() function
  18. Shortcode adding p and br tags
  19. Using AJAX in a plugin to submit form – REALLY confused
  20. Filter to change the content of 404 page
  21. What action is called when drafts are saved?
  22. How to: get main plugin/theme file?
  23. PHPUnit test plugin activation
  24. Use an empty page to build custom plugin output
  25. Conflicting save_post functions when passing the post id and saving custom meta boxes for different post types
  26. Dynamically override page.php or single.php with custom templates using function
  27. How to get an image transferred via FTP or script to appear in Media Manager?
  28. Does settings API create settings on run time?
  29. Where should I store global data for my multi-site WordPress plugin?
  30. wordpress 3.0 json issue
  31. How to allow core Gutenberg blocks selection only when you are inside a custom inner block
  32. Print value of an array or variable in a payment plugin
  33. How to extend expiry time of jwt wordpress token?
  34. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  35. $wpdb -> Batch insert from XML File?
  36. Settings not set after calling register_setting()
  37. wp_count_posts on all post types?
  38. preprocess_comment array doesn’t have comment_ID
  39. Conditionally Remove a nav menu link if session is active
  40. $content variable – Is this a reserved variable for a WordPress function? – php / wordpress
  41. WP REST API V2 – Add user data to response
  42. Applying OO patterns and principles to plugin development
  43. Include content of file into plugin (ob_start();;include;ob_get_clean()) without
  44. How to schedule a cron job in plugin without waiting for page load request?
  45. Is it possible to change a term slug before being saved to the database?
  46. How To Change Logout Screen Title
  47. Call wp_generate_password() from within a Class
  48. Set different custom menu items for different user roles
  49. Getting List of all registered Dashboard Widgets
  50. Why does wp_remote_post returns an empty body response on certain endpoints?
  51. Replace youtube embed in wordpress
  52. Where to write custom logs in WordPress
  53. How developed with version control word press site on shared host? [closed]
  54. Admin – Handle data before creating or updating a post, page or custom post
  55. wp_redirect on base wp-admin and login
  56. add_settings_field Data not passing to Options Page Like it should
  57. Valid filenames for add_action’s first parameter
  58. What to hook into to check a value before a post is published?
  59. Correct syntax for database inserts from plugin?
  60. How to add a gradient component to a custom block
  61. wp_schedule_event() set daily, but processed every second
  62. Can’t get AJAX call working in custom plugin
  63. Empty Pdf file generated with FPDF library in WordPress plugin [closed]
  64. $wpdb->update() always need a second try
  65. Why aren’t some plugin styles loading when I load a template?
  66. Pagination not working with custom wp_query
  67. My plugin won’t create table in wordpress 3.5
  68. Remove Permalink Meta Box not working?
  69. WordPress actions for plugin admin UI page
  70. wp_insert_user keeps echoing values
  71. Getting posts by taxonomy
  72. Pause plugin option page until all data manipulation is complete
  73. Modify custom block plugin without losing content
  74. Exclude Woocommerce Product Category From Sitemap
  75. apply_filters() and call_user_func() to define and call a function outside a class
  76. How to show only the last two categories in a menu?
  77. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  78. howTo let wordpress endpoint return html-page
  79. User meta query using Wildcard
  80. use a (Polymer) web component within a plugin (or theme)?
  81. Warning: Illegal string offset ‘Andorra’ in … on line 106
  82. wp_ajax add_action fuction won’t fire on custom jQuery action
  83. wordpress4.8.2 Multilingual Plugin
  84. Customize WordPress Admin Menu
  85. Dedicated server and WPDB Class : huge slow-down of the website
  86. $wpdb how can i save my postmeta table before querying it
  87. Create dedicated page with custom template showing custom data
  88. How can I see a varibles value when my plugin runs?
  89. Add Button to TinyMCE Custom Menu
  90. How should I use wpdb class to submit a form in admin dashboard?
  91. WordPress plugin: admin-ajax.php not passing data to custom function
  92. Create pages for authors
  93. How do I create Widget within plugin that uses its own class?
  94. Looking for Hook that is fired after a plugin or wp upgrade is installed/updated
  95. How to design WooCommerce-like admin tabs for plugin settings page?
  96. Woocommerce: block user removing cart item
  97. How can I dynamically change title and description in WordPress?
  98. Is there a canonical way for a plugin to install a mu-plugin or drop-in?
  99. How can create a custom plugin to call my webapi after any registration or membership plugin functionality
  100. Calling get_header() with installed FSE theme

Leave a Comment