Enforce strong password on user creation

Hello, im trying to figure out how to enforce a strong password policy on user creation but im a bit confused because on How to Secure a WordPress Directory Website | HivePress Blog
there is a point about “Strong Password Policies” but in the meantime it seems there is now way to configure it throught the Hivepress plugin directly?

Iv tried some addons that are suposed to enforce a strong policy like Password Policy Manager but it dosnt work with Hivepress so i suposed Hivepress dosnt use the basic wordpress registration form but a custom one?

So im wondering if someone could have a php snippet compatible with hivepress to share with me for adding inside functions.php

Thanks by advance

iv tried

// Hook to validate the password during registration or login
add_filter(
    'hivepress/v1/forms/user_login/errors',
    function( $errors, $values ) {
        // Check if the password is set
        if ( isset( $values['password'] ) ) {
            $password = $values['password'];
            $password_errors = validate_password_complexity($password);

            // If there are password errors, merge them into the $errors array
            if ( $password_errors ) {
                $errors = array_merge( $errors, $password_errors );
            }
        }

        return $errors;
    },
    10,
    2
);

// Function to validate password complexity
function validate_password_complexity( $password ) {
    $errors = [];

    if ( strlen( $password ) < 8 ) {
        $errors[] = "Password must be at least 8 characters long.";
    }

    if ( !preg_match( "#[0-9]+#", $password ) ) {
        $errors[] = "Password must include at least one number.";
    }

    if ( !preg_match( "#[a-z]+#", $password ) ) {
        $errors[] = "Password must include at least one lowercase letter.";
    }

    if ( !preg_match( "#[A-Z]+#", $password ) ) {
        $errors[] = "Password must include at least one uppercase letter.";
    }

    if ( !preg_match( "#\W+#", $password ) ) {
        $errors[] = "Password must include at least one special character.";
    }

    return $errors;
}

but i can still create an user with 12345678 password for exemple

Hi,

I recommend using the hivepress/v1/forms/user_register/errors filter hook, this way you can check the password length and complexity, and if it doesn’t match the requirements you can add a custom error to the filtered array of $errors. Another approach would be also adding an indicator using JS, but back-end validation via this hook is needed anyway. We also plan to add password strength indicator in future updates.

Hope this helps

If i’m using REST APi for the front end can i just do the checks of a strong password in the front end. to make sure the user uses a word containing number, letter, character and upper case?

Hi,

Please note that it does not matter whether you use the REST API or not, since the indicator itself is made using JS on the frontend, but validation is still performed through a hook on the backend. You need to usehivepress/v1/forms/user_login/errorsbecause JS can always be disabled in the browser and skip the requirements, so the backend is like a safety net.

Hi,

I am new to HivePress and tried the above code. I only replaced ‘hivepress/v1/forms/user_login/errors’ by ‘hivepress/v1/forms/user_register/errors’.

That put the registration form out of order and returned this error:
Uncaught Error: Cannot use object of type HivePressFormsUser_Register as array

The system says that the error happened on this line:
if ( isset( $values['password'] ) ) {

Does anything else in the code need to be modified apart from the complexity. If so, can someone post the correct code?

And does it only check the password strength at user registration or also at password change and password reset?

Thanks very much in advance!

Hi,

The snippet you posted is not correct, so there may be errors. Unfortunately, we cannot provide custom code on our part, but only general guidance. We recommend that you check out these links:

https://hivepress.github.io/hook-reference/hivepress_v1_forms_%257Bform_name%257D_errors.html

https://gist.github.com/search?q=user%3Ahivepress+errors&ref=searchresults

If you are familiar with coding or have a developer, you can add custom errors using this hook hivepress/v1/forms/user_login/errors

​I hope this is helpful to you.

@andrii ,
Thanks for your prompt help.
I understand and will see how to make this work.
Cheers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.