Weak passwords are being allowed when creating account on checkout | WordPress.org

Resolved jwiere03
(@jwiere03)

3 years, 11 months ago

I have recently noticed on multiple sites that people creating accounts on the checkout page are able to use weak passwords. The meter says weak but if you submit the order the account is created anyway. I have checked and it seems that weak passwords are stopped for other types of registration so it seems to be a WooCommerce issue?

The first site was heavily customized by someone else years ago so I thought he had unhooked something. But I have since found it on a couple of other sites. Is there a bug allowing these?

Viewing 2 replies - 1 through 2 (of 2 total)

3 Sons Development – a11n
(@3sonsdevelopment)

3 years, 11 months ago

Hey @jwiere03,

I believe this is the intended behavior. The developers don’t want to cause additional friction in checking out. One way around it is to have the password automatically generated for the customer. That keeps it strong and also prevents it from being a sticking point at checkout.

Here’s a GitHub thread that talks a bit more about it:

https://github.com/woocommerce/woocommerce/issues/16603#issuecomment-324876990

Cheers

Thread Starter jwiere03
(@jwiere03)

3 years, 11 months ago

Thanks for the information @3sonsdevelopment I had been under the impression that these signups used the core password requirements unless you unhooked them. I will look into creating some custom requirements for this.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Weak passwords are being allowed when creating account on checkout’ is closed to new replies.

Tags

In: Plugins
2 replies
2 participants
Last reply from: jwiere03
Last activity: 3 years, 11 months ago
Status: resolved