I know this plugin is no longer supported and can no longer be downloaded to use, but for those that are still using it beware. If you update to PHP 8.1 (possibly even 8.0) and a WordPress version that is numbered as a patch ie major.minor.patch such as 5.9.1 your website will fail due to a critical error in the plugin.
On line 46 of the main plugin file (slt-force-strong-passwords.php)
define( 'SLT_FSP_USE_ZXCVBN', version_compare( round( $wp_version, 1 ), '3.7' ) >= 0 );
will cause a fatal php error ie:
Fatal error: Uncaught TypeError: round(): Argument #1 ($num) must be of type int|float, string given
as $wp_version will be ‘5.9.1’ a string and not an int or float, round fails.
Why has this worked until now you ask? I expect it is because it is not until PHP 8.0 that things became more strict with passing the correct data types.
One way to get your site working again, would be to replace the line with
define( 'SLT_FSP_USE_ZXCVBN', true );
assuming that you are using WordPress greater than 3.7 (which would be a worry if you are not)
Hope this helps someone.
]]>No updates for 3 years.
]]>Hello Jason and all. This plugin looks great! So much simpler than all those overweight security plugins out there.
There’s one thing I don’t see that I’m looking for and am curious of your thoughts on. I’m looking for a code snippet ( or a slim plugin ) to block all logins when the password is considered weak, requiring they reset their password before they can authenticate to the site.
Code-wise, I’m looking at returning false to filter send_auth_cookies when insecure ( see core function wp_set_auth_cookie ), and will have to research where all that function is called where we could test the password.
On all admin pages, there are two scripts that are not loading correctly on subdomains of multi-sites in which the subdomain is mapped to a primary domain name.
The two scripts are:
force-zxcvbn.min.js
js-admin.min.js
Instead of these scripts being loaded, the plugin is trying to load scripts with empty names:
<script type=’text/javascript’ src=’https://www.njsnowbowl.orgs?ver=1.7′></script>
<script type=’text/javascript’ src=’https://www.njsnowbowl.orgs?ver=1.7′></script>
These each result in an ERR_CONNECTION_REFUSED error which drastically slows down all admin pages and in some instances nearly makes the admin unusable.
Any ideas on how to fix this? Thanks!
]]>Any chance that the author of this plugin could update the changelog so that the most recent update gets a refresh?
We have a general policy of not using plugins that haven’t been updated in a year.
Has any testing been done against WP 5.0 Beta ?
]]>When changing password using the BuddyPress profile the plugin is not working – any dumb password can be entered, which defeats the original intent when the strong password is set. Any way to hook into it?
Thanks in advance for your wise suggestions ??
Hey There!
You may have heard from something called the GDPR (General Data Protection Regulation) that is n force for every company that collects data from individuals that live in the european union.
I would be really grateful, if you could answer these questions so I could be sure, your plugin is compliant with the GDPR Law.
Thank you very much in advance!
Have a good day,
Nicola
Hi,
As mentiod in multiple posts, it does not work on the ‘Lost password’ process. And i can’t find a dev response for this question?
If it is not possible to force strong password on password recovery, isn’t this plugin completely useless, or am i missing something?
Best regards,
Bjorn
Hi,
I have installed Force Strong Passwords on WordPress and am in the process of testing. I requested a password reset at the log in screen and was forced to choose a strong password. All good so far.
The next step was to change my password through the Profile option. NB My account has Author rights. I selected Generate Password and a strong password was autogenerated. I replaced this with a WEAK password and TICKED the box to confirm use of weak password. I then updated my profile. There was no obvious message so it appeared that my weak password has been accepted.
On logging out and then back in the weak password was not accepted, and I had to log in with the old strong password.
I tested changing the password to a weak one again, and this time spotted the error message at the top of the screen. “ERROR: Please make the password a strong one.”
Is there anyway this can be made more obvious, like a pop up box?
Many thanks : )
]]>I’d like to know if this plugin works if used as a MU plug instead of through normal activation methods.
This would be ideal for me, but I realize this plug may need the init hook to function properly.
Has anyone tested this or have an answer?
]]>Hello. Is this plugin still actively developed?
Thanks!
]]>Hello, I’m looking for a plugin to set password stength. Is there any possibility to make this plugin force the minimum password length – and anything else ?
Thanks
]]>I tried the plugin with the wbjobboard.net job board, and the front-end account creation system doesn’t get touched by this plugin. I was able to use their account creation page to create an account with password, “abcdefg”, despite the fact that I had previously put the following function in my functions.php file for the theme:
/* To trigger strong password enforcement for all users: */
if ( function_exists( ‘slt_fsp_init’ ) ) {
//plugin is activated
add_filter( ‘slt_fsp_caps_check’, ‘__return_empty_array’ );
}
Hi developer!
I have three questions:
1.) How does “Force Strong Passwords” go in companion with iThemes security software firewall that also have a password feature? Any comparability issues?
2.) Which one of these two actually performs best in terms of enforcing a strong password on new and existing users?
3.) How compatible is this plugin with WordPress Multisite?
Thanks a lot in advance for your answers!
]]>hi i like your plugin. but why its not working on my site., i use multisite. i dont know whats the problem.
hoping for your response
Hi,
i′m using Buddypress where users have the ability to change their password within the profile settings page. Is it possible to also integrate this plugin to this Buddypress function?
Kind regards,
Georg
Having a weird issue with 1.6.4 of this plugin and WP 4.3.1 where, if a user clicks a link that takes them to the change password screen here…
https://oi65.tinypic.com/34qlh94.jpg
…and then enters a weak password and clicks the “Reset Password” button, they get sent to a another page here…
https://oi68.tinypic.com/156zj2q.jpg
…which has an incomplete, unsubmittable form. Any ideas?
]]>When selecting the lost your password option, it doesn’t show any indication that you need to choose a strong password.
Please advice.
]]>Hi there,
after WP 4.3 upgrade, I get this error when I add a user with Author/Editor/Admin or custom role:
“ERROR: Please make the password a medium or strong one”
Even if the password is strong!
I contacted my hosting support (WP Engine) who confirmed is a plugin bug affecting non-English WP install.
Hope you can help ??
Cheers
]]>I’m using your plugin, but I had to edit it because my client wants to allow “Weak” level passwords for subscribers (just not very weak).
But, of course, the “Weak” label on the indcator is misleading. Is there a way to change the password level indicator names (Weak, Medium, Strong)? I’d like to change “Weak” to “OK”.
Thanks!
]]>Hi,
Great plugin, though when using the forgot password link to reset, if a user enters a weak password it triggers a Fatal Error prompt where the Reset Password button would be.
I’ve replicated in both Chrome and Firefox (haven’t done further testing).
Any help would be appreciated.
The error is copied below:
Fatal error: Call to a member function get_error_data() on a non-object in /www/wp-content/plugins/force-strong-passwords/slt-force-strong-passwords.php on line 110
]]>hello there ??
thanks for such a nice plugin. as there was no german language file available I just created one.
you can download from here and add to your plugin:
slt-force-strong-passwords-de_DE.po
slt-force-strong-passwords-de_DE.mo
thanks & all the best
becki
I’m seeing that the admin notice
ERROR: Please make the password a strong one.
comes up but the user can choose to ignore this and continue with life.
Am I missing something? I was expecting a redirect to the profile page until the password had been changed.
]]>Does this affect S2Member User Roles?
]]>Steve, using FSP at wpengine. Working great but can’t get it to work with Theme My Login. I noticed in a post to mailchimp it looked like you were using FSP with Theme my Login? If so, any chance I could get some guidance on how to implement?
]]>It would be great to easily add the password check to custom form fields on the PHP side.
Something like:
is_strong_password($pw)
]]>On the Password Reset page from Forgotten Password confirmation link, I still receive the error no matter the password strength.
]]>When activating this plugin I get a new script line loaded in this way:
<script type=’text/javascript’ src=’https://www.domain.coms?ver=1.0′></script>
which never ends to load and make the admin panel very slow. No matter the domain or the extension always adds the final “s?ver=1.0”
I’ve compared with other sites the and it’s missing the complete path which should be something like:
/wp-content/mu-plugins/force-strong-passwords/js-admin.min.js?ver=1.0
Anyone else is getting this? How could I fix it?
Thanks.
]]>scrambleheadarsenalmary is indicated as “weak” or sometimes “medium” by the js script but the server accepts it. Am I doing something wrong?
]]>