wpv-reset-password-form does not enforce password strength

This support ticket is created 3 years, 5 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	-	-	9:00 – 13:00
14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	-	-	14:00 – 18:00

Supporter timezone: Africa/Casablanca (GMT+01:00)

This topic contains 8 replies, has 3 voices.

Last updated by Jamal 3 years, 5 months ago.

Assisted by: Jamal.

Author

Posts

August 5, 2021 at 5:46 am #2134367

himanshuS

The wpv-reset-password-form says it will enforce a password with certain characters and numbers but in actuality, it does not. Any password works just fine.

Screenshot - hidden link

Is this a bug? How can I fix this?

August 5, 2021 at 2:19 pm #2134793

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

Yes, I can see and confirm the issue. I'll escalate it to our next level support. This will be fixed in future but please note that there is no ETA on it.

August 6, 2021 at 9:58 am #2135557

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

The issue is escalated to Devs but please note that there is no ETA on it when the fix will be provided.

For now, as a workaround, you should try to hide the password hint using CSS code or change the password hint using the filter:

add_filter( 'password_hint', 'func_pwd_hint' );
function func_pwd_hint() {
  
  $hint = __( 'Hint: To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).' );
 
   return $hint;

}

August 9, 2021 at 5:38 pm #2138129

himanshuS

Is there a custom way to enforce a strong password?

Your workaround is to change the message but that does not solve the problem of a weak password.

August 13, 2021 at 12:36 pm #2141963

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

You should try to use the hook: validate_password_reset
- hidden link

But I see its not working for me. You should file a new feature request for this using the following form:
- https://toolset.com/home/contact-us/suggest-a-new-feature-for-toolset/

August 13, 2021 at 10:25 pm #2142293

himanshuS

Thanks. This seems like a basic feature and actually a security issue for all your customers. Having weak passwords, make the whole product vulnerable to attacks. I am not sure how is this not a P1 at your end.

August 14, 2021 at 4:09 am #2142391

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

I understand and nothing much I can do here and that is why I asked you to file a feature request so that you can raise your voice in front of our Product Manager and raise your concern:
- https://toolset.com/home/contact-us/suggest-a-new-feature-for-toolset/

August 14, 2021 at 9:45 pm #2142779

himanshuS

Done.

August 16, 2021 at 8:59 am #2143599

Jamal

Minesh is on vacation for a couple of days. Let me follow up with you on this.

At the same time, Minesh has escalated this to our 2nd Tier, who confirms that this was never offered and therefore it is a feature request. He also escalated it to the developers to consider it on an upcoming release. However, we cannot tell when that will be done.

I'll set this ticket as escalated so we can follow up here when the developers provide any feedback.