Require strong password not being enforced in password recovery
-
I have the “require administrators to use strong password” option checked and “Lock out after how many login failures” and “Lock out after how many forgot password attempts in my settings” set to 5 times.
When the admin user performs a password recovery, they are seemingly able to set a weak password and WordPress doesn’t give them any warnings.
Later, when the admin user tries to log in with the weak password, the weak password is rejected.
They either try to log in a few more times with the weak password or do more password recoveries and end up getting locked out.
Is there any way to disallow the weak passwords when using password recovery?
- The topic ‘Require strong password not being enforced in password recovery’ is closed to new replies.
