WordPress.org

Ready to get started?Download WordPress

Forums

Force Strong Passwords
ERROR: Please make the password a strong one (11 posts)

  1. WebEndev
    Member
    Posted 1 year ago #

    This error appears in the user profile when ANY change is made to the profile. Even if the password is not changed.

    It should only display IF the CURRENT password is not strong. My current one is, but it still displays the message.

    Thanks.

    http://wordpress.org/extend/plugins/force-strong-passwords/

  2. inlate
    Member
    Posted 9 months ago #

    I have the same error, always, even with upper, lower char, digits, special chars, longer that 20 digits...

    WordPress 3.7.1

    Thank you,
    Rickyx

  3. lakrisgubben
    Member
    Posted 9 months ago #

    Since 3.7 this plugin checks if the new dropbox pwd-strength library approves your password, the problem is that it does it like this:

    var psr = $( '#pass-strength-result' );

    And then fails if that is != 'strong'. But if you run a localized version of wordpress, that won't be strong but a translated version of strong. Don't know what the best solution for the plugin author will be, but the password-meter also get a class strong so maybe that could be used?

  4. Steve Taylor
    Member
    Plugin Author

    Posted 8 months ago #

    Apologies, had a mix-up with my RSS aggregator and missed this thread.

    I've added a fix on GitHub, simply testing the stored password strength result against a localized version of the string, i.e. __( 'Strong' ). If you could test this out and verify it with your installations, that would be great!

    https://github.com/gyrus/Force-Strong-Passwords/archive/master.zip

    Please report back on GitHub:

    https://github.com/gyrus/Force-Strong-Passwords/issues/7

  5. tribus_greg
    Member
    Posted 8 months ago #

    Fix didn't work, still gives me the error "use strong password" when I use something like @sl329#(died03L39009@(#*
    This tested Very Strong on a few test sites. So you know it should have passed the test from Dropbox.

    Silly WP broke :(

  6. Jesse Friedman
    Member
    Posted 8 months ago #

    I have an issue where Super Admins are not able to change the password for editors at the site level. The password indicator says it's "Strong" and these passwords are very strong, and yet we are never able to save the password.

    The error at the top is "Make your password strong".

    However if I go to network/users.php and edit the user there, it works fine.

    Has anyone else experienced this issue?

    I am on WPEngine which forces you to use this plugin and it's been a serious issue as of late.

  7. Steve Taylor
    Member
    Plugin Author

    Posted 8 months ago #

    Jesse, there is another multi-site issue, possibly related?

    https://github.com/gyrus/Force-Strong-Passwords/issues/2

    I've never really worked with MU and I'm pretty busy. I've been hoping someone experienced with MU and into the plugin would chip in with a patch.

    But I had no idea WPEngine forced people to use this plugin. That's a huge amount of users, right? All hidden behind a single download on my stats! Anyway, I'd pester WPEngine about it. Surely a company that big should be more careful about what plugins they force customers to use? Or have the resources to make stuff work?

  8. wirlen
    Member
    Posted 8 months ago #

    Hey Jesse,

    I had this problem aswell for one of my sites @wpengine. And my solutions was to remove the plugin completely and which crashes the site. And the download the lastest master branch. And upload it with SFTP and it works like a charm now. Dunno why this solves is.

    Hope this works for you.

  9. boogah
    Member
    Posted 8 months ago #

    If you're a WP Engine customer, the support team can disable the plugin for you until a fix is released. Just contact them and let them know you're having issues!

  10. Jesse Friedman
    Member
    Posted 8 months ago #

    @boogah Hey Cosper!

    Unfortunately that's not the case. You and I can take this offline but the response I got from the Service team is below:

    "Looks like there is a glitch with the forcing strong passwords. The only way around this I see at the moment is to temporarily set the user to a subscriber and then update the password.

    I found a way to only force the strong password option for administrators rather than editors and authors as it is now.

    You can add the following function to have the strong passwords setting be for only admins:

    add_filter( 'slt_fsp_caps_check', 'my_caps_check' );
    function my_caps_check( $caps ) {
    $caps[] = 'update_core';
    return $caps;
    }

    http://ryanscowles.com/2013/07/wordpress-functionality-plugins/

    See here for more info^

    Sorry about this, I know it is not ideal. It's a forced setting for security reasons and the newest version of the plugin is broken for editors/admins. So the only two ways around it are to change to a subscriber, then update or use the above option."

  11. Steve Taylor
    Member
    Plugin Author

    Posted 8 months ago #

    Hi folks,

    I contacted WPEngine about this, and this was what they said:

    Unfortunately, our developers are stretched a little thin right and do not have the time to help fix the Multisite issue. But we do have a way of disabling the plugin for problem customers until a fix is ready to go.

    Not being with WPEngine, and not being experienced with Multisite, it's hard for me to comment on these specific issues. I'm hoping a developer on WPEngine with Multisite might be able to chip in - I'm sure it's a simple fix.

    Meantime, yes, there are a few filters for you to adjust settings without using the admin settings:

    http://wordpress.org/plugins/force-strong-passwords/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.