Notifications
Clear all

[Closed] Enforce minimum password complexity?

13 Posts
2 Users
2 Likes
782 Views
Posts: 14
Topic starter
(@ozarkrepair)
Eminent Member
Joined: 1 year ago

Is there a way to have some control over the minimum password complexity that is compatible with wpForo?

Maybe a plugin which can help?

I see that in the wpForo user account page, there is a section near the bottom for the user to reset their password and a comment of: "Must be minimum 6 characters."  I'd like to increase that.

Also, in this user account password reset section, wpForo truncates passwords to 20 characters but doesn't mention this to the user or in the comment, so it's confusing for a user to paste in a long password greater than 20 chars from a password generator and then find out their password doesn't work the next time the user tries to log in.  Perhaps the comment could be updated to something like: "Must be a minimum of 6 and maximum of 20 characters."

Ideally though, I'd like a way to specify and enforce a minimum password complexity policy.

Any feedback on that would be much appreciated, thanks!

12 Replies
Posts: 14
Topic starter
(@ozarkrepair)
Eminent Member
Joined: 1 year ago

Ah, maybe `wpforo_pass_min_length` and `wpforo_pass_max_length` filters from here which I didn't see on my first search through past posts.  Still interested to hear if this is the best way to accomplish password complexity policy for wpForo.  Thanks!

Posts: 14
Topic starter
(@ozarkrepair)
Eminent Member
Joined: 1 year ago

Oh, and now I see in the wpForo phrases tab, there is already a comment I'm looking for with minimum and maximum character lengths mentioned.  It has an id of 142.  The current comment that is used stating only the minimum password length is comment id 125.  How can I make the user account password reset area use comment ID 142 instead of 125 to show the max password length automatically as well?  Or I suppose if it's not possible to change id assignments, I can just edit id 125 to match whatever min and max lengths are and keep them in sync manually whenever I do any updates to those.

1 Reply
Chris
(@chris)
Joined: 3 years ago

Famed Member
Posts: 3650

@ozarkrepair,

Just Edit the needed Phrase and write what you need.

Posts: 14
Topic starter
(@ozarkrepair)
Eminent Member
Joined: 1 year ago

Thank you.  Now to figure out why adding min/max length php code snippets don't seem to work or have any effect.  That looks like a different issue unrelated to wpForo, though.  Probably a conflict between the theme and wpcode plugin or something similar.  More debugging...

Posts: 14
Topic starter
(@ozarkrepair)
Eminent Member
Joined: 1 year ago

Hi @chris,

I got WPCode code snippet working with a "universal" snippet type, and have the following code snippet active on all pages for testing:

<?php
file_put_contents("/var/lib/wordpress/debug/foobar.txt", "testing\n");
add_filter('wpforo_pass_min_length', function ($length){ return 20; } );
add_filter('wpforo_pass_max_length', function ($length){ return 60; } );
echo "foobar";
?>

The min and max above are just extreme examples to test with.

I can verify the code snippet is being run, because I can see "foobar" text output on every page from the `echo`, and also I see the test file being written to in the operating system from the `file_put_contents`.

When I go to the wpForo user account page, I can still change the password with min 6 characters.

Any idea why this code snippet doesn't have any effect?

Page 1 / 2