admin管理员组

文章数量:1391836

My users have the ability to change their password from a plugin admin screen. I want to make sure the password they create meets whatever the minimum requirements are. I'm not trying to change the password requirements. I just want to know what the default requirements are. Is there are function I can use to get the default requirements?

My users have the ability to change their password from a plugin admin screen. I want to make sure the password they create meets whatever the minimum requirements are. I'm not trying to change the password requirements. I just want to know what the default requirements are. Is there are function I can use to get the default requirements?

  • plugin-development
  • password
Share Improve this question asked Feb 8, 2020 at 18:58 KirklandKirkland 3082 gold badges3 silver badges14 bronze badges 0
Add a comment  | 

2 Answers 2

Reset to default 3

The minimum requirements are that it passes the zxcvbn library's strength check. I can't see a simple summary of their rules. This is registered as script 'zxcvbn-async' that you can enqueue / make a dependency of your own scripts, and then you can run the check yourself on the client-side. See password-strength-meter and user-profile.js's multiple cases for zxcvbn being not-yet-loaded.

Nowadays WordPress encourages you to use randomly generated passwords

  • new user registrations always have a randomly generated password
  • to change your password in the admin site you click 'generate password' to get a new random one; it does give you the chance to override it but will disable the 'Update profile' button on the page until your password has passed a zxcvbn check.

This is only enforced on the client-side though; there's no server-side enforcement as far as I can see. user.php does have a check_passwords action but isn't passed $errors to raise weak password errors itself; you'd have to remember the error and add it in user_profile_update_errors later. But there isn't anything like that in a default WordPress install.

Surprisingly, for plugin development, correct answer is none

From set password documentation:

wp_set_password( string $password, int $user_id )

Updates the user’s password with a new encrypted one.

If you think about security, try going with wp_generate_password function

EDIT I have found article how to add password strength meter to wordpress which most probably describes, what you want to achieve. Take look at it

本文标签: plugin developmentWhat are the default WordPress password requirements

版权声明:本文标题:plugin development - What are the default WordPress password requirements? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744762414a2623829.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。