A new constant to enforce member’s password strength

Starting in BuddyPress 10.0.0, you’ll be able to make sure your members are using a strong password to log in to their account. The corresponding BuddyPress front-end action handlers (Registration & General Settings) have been improved to check password strength when the BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH PHP constant is defined.

Use a PHP constant to set the password strength level

The JavaScript library WordPress and BuddyPress use to evaluate the strength of a password has 4 levels: 1 to 4 (from the weakest to the strongest). You can use one of these levels to specify the password strength required of your site's members.

In the above screenshot, I’ve added this constant to my /wp-config.php file and chose to force the members to use a strong password.

/* That's all, stop editing! Happy publishing. */
define( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH', 4 );
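
To confirm that the requirement is actually in force on a site, a Site Health check can report on the constant. This is an added example, not code from BuddyPress or from the original post; the file location and every example_* name are hypothetical.

```php
<?php
/**
 * Plugin Name: BP password policy check (added example)
 * Hypothetical location: wp-content/mu-plugins/bp-password-policy-check.php
 * Every example_* name below is made up for this illustration.
 */

// Returns array( $status, $message ); $status uses the Site Health values.
function example_bp_password_policy_status() {
	if ( ! function_exists( 'bp_get_version' ) ) {
		return array( 'recommended', 'BuddyPress is not active, so its password strength check does not run.' );
	}
	if ( version_compare( bp_get_version(), '10.0.0', '<' ) ) {
		return array( 'recommended', 'The constant is only supported starting in BuddyPress 10.0.0.' );
	}
	if ( ! defined( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH' ) ) {
		return array( 'recommended', 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH is not defined.' );
	}
	$level = BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH;
	// The post describes levels 1 (weakest) to 4 (strongest); flag anything else.
	if ( ! is_numeric( $level ) || (int) $level < 1 || (int) $level > 4 ) {
		return array( 'critical', 'Expected a level from 1 to 4, found: ' . var_export( $level, true ) );
	}
	return array( 'good', sprintf( 'Members need a password of strength level %d or higher.', (int) $level ) );
}

// Site Health callback: wraps the status in the result array Site Health expects.
function example_bp_password_policy_test() {
	list( $status, $message ) = example_bp_password_policy_status();
	return array(
		'label'       => 'BuddyPress required password strength',
		'status'      => $status,
		'badge'       => array( 'label' => 'Security', 'color' => 'blue' ),
		'description' => '<p>' . esc_html( $message ) . '</p>',
		'actions'     => '',
		'test'        => 'example_bp_password_policy',
	);
}

// Register the check as a "direct" (synchronous) Site Health test.
add_filter( 'site_status_tests', function ( $tests ) {
	$tests['direct']['example_bp_password_policy'] = array(
		'label' => 'BuddyPress required password strength',
		'test'  => 'example_bp_password_policy_test',
	);
	return $tests;
} );
```

The result appears under Tools > Site Health in the WordPress admin.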

What happens in the registration form?

Visitors can only register if they use a password whose strength level is greater than or equal to the one you defined with the PHP constant.

Otherwise, a JavaScript warning will ask them to use a stronger password, and if they force the form submission, the server will interrupt the registration process and return an error.

The JavaScript warning appears before the registration form is submitted, and the PHP error once it has been submitted. Below are 2 screenshots zooming in on these two kinds of user feedback.

What happens in the Member’s General Settings screen?

It’s very similar 😁. Your members will only be able to change their old password for a new one whose strength level is greater than or equal to the one you defined with the PHP constant.

This new behavior is available in the two Template Packs that are included in the BuddyPress plugin: BP Nouveau (on the left in the above gallery) and BP Legacy (on the right in the gallery).

PS: all screenshots were made using the Twenty Twenty-Two theme (the next default theme, coming with WordPress 5.9).

#10-0-0, #members, #password