Can’t enforce strong passwords

Hi karamash,
Can you confirm that after changing any of your users’ password to any shorter password than 5 characters, you don’t get this message?

“Please choose a stronger password. Try including numbers, symbols and a mix of upper and lower case letters and remove common words.”

Because we use our own point system to evaluate password strength, you maybe confused by the WordPress password strength meter while testing this feature.

Thanks.

I am having the same problem.
Under ‘Login Security Options’ I have selected ‘Force all members to use strong passwords’. But when the link is sent, I can override the strong default password with something ‘very weak’ like ‘cat’. The message ‘Your password has been reset. Log in’ then appears and I’m able to then log in using this very weak password. The example user is a Subscriber.
Thanks.
Andy

Hi Andy,
“Enforce strong passwords” only works when users update their profiles, but not when choosing their password for the first time while registering on the website, we have a case opened in our internal issues tracker (reference: #FB4335) which should address this issue in any of the upcoming releases, however I don’t have an ETA for this one yet.

Thanks.

Ahhh… Thanks. A problem for our site because we prevent people from accessing the WP Dashboard and hence their profile page.
I look forward to a speedy fix to allow strong passwords to be enforced by all means.
Andy

Is there a way to enforce strong passwords after they’ve already setup a user account? Or a way to make passwords expire? I’ve inherited a client that has had their WordPress website for many years, and I recently found out that more than one user has fewer than eight characters for their password.
Thanks, Peter

following – I will be able to use this plugin when this is fixed, would like to know when a resolution happens