WooCommerce Password Strength Settings Plugin
In newer versions of WooCommerce, a password strength meter was integrated so you can ensure your shoppers have a safer shopping experience. Despite the advice to avoid common passwords, more often than not users default to the same code for every site – the small prod can avoid big issues in the future. While it’s a great measure, a lot of store owners want to either lower the restriction or remove it all together – either the restriction was too much, not necessary, or maybe even not strong enough.
This problem could of course use a function as a remedy, but that’s often beyond a store owner’s comfort level. We know that functions could be overwritten, could cause issues, or could even bring the whole site down in flames – I’ve seen it. There has to be a better way, right? RIGHT?!
Of course there is! In response to a lot of customer demand, I put together the WooCommerce Password Strength Settings Plugin. It’s a quick, one-option plugin that allows you to define the level of security required for new user passwords on your site.
What does WooCommerce Password Strength Settings do?
This plugin adds a new area to your WooCommerce installation in the WooCommerce > Settings > Accounts page to control the required WooCommerce Password Strength for new users. This allows store owners to either enforce only the strongest passwords, let anything slide, and a range of options in-between.
Ranging from level 1 to 5, the store administrators now have an easy place to switch the password strength on the fly.
It’s quick to install and even quicker to set up, so check it out on the WordPress.org repository, and if you like it, don’t forget to rate and review it! 🙂
For more information, see the Portfolio page with links to the public GitHub for issue reports, contributions, etc. I’d also love to hear what features you want to see in the future, so either post as an Issue on the GitHub or as a comment here!
Have any questions or comments about this article, or ways you think it can be improved?
Join the conversation in the comments below, or sign up for my newsletter to recieve periodic updates!
Just installed your plugin. Very handy, thank you!
I wanted to suggest an option for a future version if you’re interested. Be great to maybe include a second option to it, where you can tick a box to remove the extra security text that shows ‘Weak Password…’ etc from displaying. It’s wise to follow the suggestion, but if one were to install this due to issues with customers being turned off by highly secure passwords, likewise, the extra text might scare them away or make them assume that their regular (unsecure) password might now work. Granted it’s a simple thing to just submit anyways, but knowing how some less tech savvy users are, it’d probably be wise to remove anything discouraging.
Thanks for the input – I’m actually getting ready to push out a new version today or tomorrow that will let you customize the messages that are displayed. There’s still a few things I’d like to tweak and add to it, but I don’t want to call in additional scripts that would add extra load, so keep an eye out for the update and let me know what you think. 🙂
What are woocommerce password policies anyway? I have been testing my own store, i currently have set it to 1, but the only “level” i feel confortable with is 0. That way you know for fure the rules: anything is accepted. Whatever other level produces very random results when a user is trying to register. Like it may accept “abc”, but not “abcd”…
The password strength settings aren’t actually defined by WooCommerce – it’s using the WordPress core strength tool. There isn’t a clear cut definition of each level, as it’s determined by the algorithm WordPress uses called zxcvbn, developed by Dropbox. Here are some examples, though:
Level 1 Password (Very Weak): a
Level 2 Password (Weak): djwo1n
Level 3 Password (Medium): djwo1n! (the special character itself didn’t actually raise the difficulty on its own, but it did bring it up to the next level. More characters added to the Level 2 password would have had the same effect. Capitalization doesn’t have much impact.)
Level 4 Password (Strong): donthackme (even though I’d consider this a very poor password choice, the calculator can’t think like we do, so if a computer was trying to brute force into your account this would be a relatively strong password)
Level 5 Password (Very Strong): can coaster desk 3 (multiple short words tend to make the strongest passwords)
You can look into the public GitHub for zxcvbn here: https://github.com/dropbox/zxcvbn
And there’s a tool they have where you can test different passwords here: https://lowe.github.io/tryzxcvbn/
Hope this helps!
Updated on May 15, 2019 to include new hosted test URL
Thank you for the plugin. It seems to be working great. I too am having the concern that the text from the original strict woocommerce strength meter are still coming up. I have the latest version of the plugin and see the areas where i can add the text, but the text i am adding it not showing up, the default from woocommerce “Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! ” ? $ % ^ & ).” are coming up. I set the level to level 1 – anything and that works, but the woud love if i can get the hint to go away.
any suggestion will be helpful
you can see it on
Hi Ali! Thanks for the feedback – this is something that can be removed, but requires some additional code I’m looking to add in the next version (once I get some time to dedicate to code, that is 🙂 ). Stay tuned and this should be available soon!
Just like the above post, I changed the settings to weak and the Hint still shows up…..I want the suggestion of a 12 character password to not be there. Is this possible somehow?
Yep, definitely possible. This is something I’m looking to include in the next version – it’s just a matter of finding some time to code it in, but keep your eyes peeled for an update. 🙂
It doesn’t work anymore please fix it daniel
Hi Elior, it seems to work on my test installations. If you’d like, I can take a look at your site in specific to see what would be causing the problem – just fill out the form on this page which will go to my secure help desk so we can find out what’s wrong. 🙂 https://danielsantoro.com/support/