How I can implement a strong policy password

bill1 · December 12, 2024, 12:42pm

Hello,

Can you tell me how I can implement a strong policy password like :

8 characteres minimum
At least one special charactere
At least one number

Many thanks !

ihor · December 13, 2024, 10:47pm

Hi,

Please try using this code snippet as a sample.

add_filter(
	'hivepress/v1/forms/user_login/errors',
	function( $errors, $values ) {
		if ( isset( $values['password'] ) ) {
			$password = $values['password'];

			if ( ! preg_match( '/\d/', $password ) ) {
				$errors[] = 'Password should contain a digit.';
			}

			if ( ! preg_match( '/[^a-zA-Z\d]/', $password ) ) {
				$errors[] = 'Password should contain a special character.';
			}
		}

		return $errors;
	},
	10,
	2
);

bill1 · December 15, 2024, 10:26am

Hi,

Thank you for the php snipped code, but it doesn’t work for me. Do you have another snipped code to provide me please ?

Many thanks!

arendaparent · December 15, 2024, 12:47pm

I think that line needs to be replaced with

Blockquote

hivepress/v1/forms/user_register/errors

Blockquote

arendaparent · December 15, 2024, 1:35pm

Even after the change it does not work, interesting

ihor · December 17, 2024, 12:24am

Please try this code snippet instead:

add_filter(
	'hivepress/v1/forms/user_register/errors',
	function( $errors, $form ) {
		$values = $form->get_values();

		if ( isset( $values['password'] ) ) {
			$password = $values['password'];

			if ( ! preg_match( '/\d/', $password ) ) {
				$errors[] = 'Password should contain a digit.';
			}

			if ( ! preg_match( '/[^a-zA-Z\d]/', $password ) ) {
				$errors[] = 'Password should contain a special character.';
			}
		}

		return $errors;
	},
	10,
	2
);

hame · December 22, 2024, 2:40pm

Hello @ihor,

Thank you for sharing this snippet. It worked for me and answered the question I asked here earlier: Enforce strong password on user creation

To keep users from generating weak passwords during further use of their account, I apply the filter to the user_update and the user_password_reset form as well.

However, there is an inconsistency now in the UI since the default JavaScript function and prompt of the forms consider the password length only. How can it be changed to include other requirements like “at least one special character” and “at least one number”?

Thanks!

andrii · December 24, 2024, 8:23am

Hi,

Please note that the snippet provided by Igor checks whether there is at least one digit and one special character in the password. Also, this is PHP validation (i.e. when you click on the button to confirm registration or reset your password, you will see an error if you have not followed the appropriate rules). That is, this is not a JS validation, as in the default WordPress login form. And in order to add such a JS validation, it will require a custom implementation, but we plan to use this JS script that WordPress uses.

hame · December 30, 2024, 9:16am

Hi @andrii,

Thank you for your reply.

If I just want to change the minimum password length (e.g. to 12) and the number in the prompt accordingly, this solution worked for me:

/* Change minimum password length */
/* Source: https://docs.hivepress.io/developer-docs/framework/fields */
add_filter(
	'hivepress/v1/fields/password',
	function( $field ) {
		$field['min_length'] = '12';

		return $field;
	}
);

Cheers!

system · January 29, 2025, 9:17am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.