Force Strong Passwords wordpress plugin resources analysis
| Download This Plugin | |
| Download Elegant Themes | |
| Name | Force Strong Passwords |
| Version | 1.3.4 |
| Author | Steve Taylor |
| Rating | 80 |
| Last updated | 2014-12-16 09:54:00 |
| Downloads |
12992
|
| Download Plugins Speed Test plugin for Wordpress | |
Home page
Delta: 0%
Post page
Delta: 0%
Home page PageSpeed score has been degraded by 0%, while Post page PageSpeed score has been degraded by 0%
Force Strong Passwords plugin added 6 bytes of resources to the Home page and 9 bytes of resources to the sample Post page.
Force Strong Passwords plugin added 0 new host(s) to the Home page and 0 new host(s) to the sample Post page.
Great! Force Strong Passwords plugin ads no tables to your Wordpress blog database.The WordPress user profile includes a JavaScript-powered indicator as a guide to the strength of a password being entered. However, there is nothing to stop users entering weak passwords. Often, users changing their password to something very weak is the most vulnerable aspect of a WordPress installation.
IMPORTANT: As of WordPress 3.7, the password strength meter is based on the Dropbox "zxcvbn" script. This is a far better check, but extensive and quite a job to port to PHP, which is the way this plugin worked prior to 3.7. For 3.7 and above, this plugin simply passes the results of the client-side zxcvbn check for the server to decide if an error should be thrown. Beware that a tech-savvy user could disable this check in the browser.
Strong passwords are enforced for all users who have any of a specified array of capabilities. The default list is: publish_posts, upload_files, edit_published_posts (see Roles and Capabilities). If the user whose password is being edited holds any of these capabilities, the strong password enforcement will be triggered. To customize this list, use the slt_fsp_caps_check filter (see below).
Development code hosted at GitHub.
Filters
slt_fsp_caps_check (should return an array)
Modifies the array of capabilities that, if any one is held by the user whose password is being edited, the strong password enforcement will be triggered.
To make sure users who can update the core require strong passwords:
add_filter( 'slt_fsp_caps_check', 'my_caps_check' );
function my_caps_check( $caps ) {
$caps[] = 'update_core';
return $caps;
}
To trigger the strong password enforcement for all users:
add_filter( 'slt_fsp_caps_check', __return_empty_array() );
slt_fsp_error_message (should return a string)
Modifies the default error message.
slt_fsp_weak_roles (should return an array)
Modifies the array of roles that are considered "weak", and for which the strong password enforcement is skipped when creating a new user. In this situation, the user object has yet to be created, so there are no capabilities to go by, just the role that has been set on the New Users form. The default array includes: subscriber and contributor.
