Support » Plugin: iThemes Security (formerly Better WP Security) » Enabling Strong Passwords causes headers already sent error

  • Hiya,

    When enabling strong passwords if you go to your profile and save without putting anything in to the password fields I get:

    Warning: Cannot modify header information – headers already sent by (output started at /<path>/wp-content/plugins/better-wp-security/modules/free/strong-passwords/class-itsec-strong-passwords.php:84) in /<path>/wp-includes/pluggable.php on line 896

    line 84 of class-itsec-strong-passwords.php is:

    alert( '<?php _e( "Sorry, but you must enter a strong password", "ithemes-security" ); ?>' );

    If I enter a strong password and save, the above error is repeated for
    pluggable.php on line 695-700, 703-706, 709-712, 768-680 and 686 (in that order).

    Disabling the strong password option and you can save profile with or without updating the password.

    Regards,
    Fred

    https://wordpress.org/plugins/better-wp-security/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Same here. No solution found, yet?

    Nathan M

    (@morrisnathangmailcom)

    I have also found that the Forgotten Password reset displays that error message “Sorry, but you must enter a strong password” no matter the password strength. So user based password resets are not working at all.
    I don’t see the password strength meter on the Forgotten Password reset page like on the Profile page (not sure if it is even supposd to be there).

    This is pretty unfortunate, since strong password enforcement is fundamental security measure, and yet we need to turn it off.

    I have this problem now and cant reset the admin password. How do I resolve this to get in please?
    Forgot Password reset displays that error message “Sorry, but you must enter a strong password” no matter the password strength I try, it just does not work.

    I can’t reset the admin password either. I used KeyChain to generate a random password – even up to 25 characters long with everything known to mankind in there and it still says it needs a strong password!

    I am on the latest patches for everything – WP 4.1 etc..

    Tested this and it seems to work fine using the standard WP password reset screen.
    Is there a password strenght indicator displayed on your password reset screen ?

    If the password strenght indicator is missing it will not work.
    Or perhaps you are using a fully customized login\reset screen with a non standard login\reset form id.

    The iTSec plugin strong password javascript\JQuery code assumes a login\reset form with id=”resetpassform” … check your html …

    jQuery( document ).ready( function () {
    jQuery( '#resetpassform' ).submit( function () {
    if ( ! jQuery( '#pass-strength-result' ).hasClass( 'strong' ) ) {
    alert( 'Sorry, but you must enter a strong password' );
    return false;
    }
    } );
    } );

    If the above info helps you solve the issue please mark this topic as ‘Resolved’.

    dwinden

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Enabling Strong Passwords causes headers already sent error’ is closed to new replies.