- This topic has 10 replies, 4 voices, and was last updated 3 years ago by
.
-
Posts
-
The advanced settings allow me to “Force Strong Password”. However, I would like the ability to set a minimum password length. Password must be at least 12 characters.
Increasing the password length past 12 characters will not make the site more secure; it will only frustrate members. Everything depends on the security of the WordPress installation and the admin user account password itself; not on the strength of non-admin membership user accounts.
With that said… Because this is an open source product; I’m only offering enough information, so that an experienced programmer can make the changes you desire. Look in the classes/class.swpm-form.php file for the protected password member of the SwpmForm class. You can make your desired modifications there. Be aware that your modifications will be wiped out, the next time you update the plugin.
@TheAssurer
Respectfully, I do not agree with the statement that “Increasing the password length past 12 characters will not make the site more secure”.Longer passwords are proven to be SIGNIFICANTLY harder to exploit/crack compared to shorter passwords.
https://www.hivesystems.io/blog/are-your-passwords-in-the-greenHowever, security is a layer approach. If the WordPress site has vulnerable code, then it won’t matter if the user is protecting their account with an 8 or 28 character password.
I’m simply stating that it would be awesome if Simple Membership could offer the ability to enforce a password complexity policy. More granular controls, compared to what currently exists. Such as, adding the ability to set a max password length.
This new setting should be optional. Let the site administrator decide if they want to enable/disable this feature.
I will add a new filter hook in the plugin that should allow the minimum password length to be overridden on some sites.
@Admin
I upgraded to v4.2.2 of the simple membership plugin. I don’t see any options (in the Advanced Settings tab) that would allow me to set a minimum password length. Does the password policy need to be set using a different WP plugin?I have added the filter hooks (required for this) in the core plugin. Next, I need to create a small addon that will allow the overriding to happen on sites that want to override it. It will be a few days before I can have that addon ready.
The following free extension should override the password length to a minimum of 12 characters long:
https://simple-membership-plugin.com/simple-membership-minimum-password-length-override-addon/
Hi Admin,
This is a wonderful free extension to override the password length, making it 12 characters long.
To strengthen password security I think that a user password would also benefit from adding a requirement for the standard group of allowed special characters (# $ @ etc.), plus a way to enforce it. (Not something I would know how to do, unfortunately.)
I wondered, if possible, if you could modify the extension to add a special character requirement with enforcement, post it here for use? This would be a great help, making user data even more secure.
Thank you again for this wonderful extension and your kind and generous help.
Best Wishes,
saratogacoach
- You must be logged in to reply to this topic.