There have been 2 fixes and 1 enhancement to the Strong Password Enforcement feature in the latest 5.7.1 release. According to the 5.7.1 Changelog:
Bug Fix: Improved how Strong Password Enforcement works on password resets to improve compatibility with various plugins.
Bug Fix: Improved the logic for determining whether a user should have Strong Password Enforcement applied. This covers situations where the user may have a custom role, a customized default role, or added capabilities beyond their role.
Enhancement: Strong Password Enforcement now uses a PHP port of zxcvbn to ensure that a strong password was selected.
I think it is the enhancement to the Strong Password Enforcement feature that is causing your issue.
As a workaround you could deactivate and then delete the 5.7.1 plugin release. Then reinstall the older 5.7.0 plugin release. Or simply disable the Strong Password Enforcement feature in the 5.7.1 release.
If you are interested in how zxcvbn exactly contributes to stronger passwords read this.
Thanks pronl for the info. I would still like to see this fixed in a future release.
@jaxrachel
I think I’ve found where the bug is and how to fix it.
It’s a very simple fix. Does need a change in the code which means the fix
will be undone when updating the plugin.
-
This reply was modified 7 years, 4 months ago by pronl.
Same problem for me. Moreover, iTheme doesn’t respect the min. role for enforcement : I set it to “contributor” and but it’s active for “Subscriber”.
Thanks.
@alysko
Moreover, iTheme doesn’t respect the min. role for enforcement : I set it to “contributor” and but it’s active for “Subscriber”.
What action are you performing when observing this behavior:
1. Updating profile of an existing (subscriber) user (within WordPress Dashboard).
2. Creating a new (subscriber) user (within WordPress Dashboard).
3. Resetting password for an existing (subscriber) user (following the Lost your password? link on the login page).
-
This reply was modified 7 years, 2 months ago by pronl.
This is still an issue in 6.2.1
Any word on when this will be fixed?
Same issue here in 6.2.1
Can’t reset password because it keeps saying it is not strong. Mine happens on scenario 3 – resetting password for existing user. Have not tested the other scenarios.
@kate515
… and this is happening while using WordPress 4.8 ?
The reason why I ask is because WordPress 4.8 includes an updated zxcvbn library for the strong password meter (1.0 to version 4.4.1).