A new constant to enforce member’s password strength

Starting in BuddyPress 10.0.0, you’ll be able to make sure your members are using a strong password to log in their account. The BuddyPress front-end corresponding action handlers (Registration & General Settings) have been improved to check password strength if the BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH specific PHP constant is defined.

Use a PHP constant to set the password strength level

The JavaScript library WordPress and BuddyPress are using to evaluate the strength of a password has 4 levels : 1 to 4 (from the weakest to the strongest). You can use one of these levels to specify the required members password strength for your site.

In the above screenshot, I’ve added this constant to my /wp-config.php file and chose to force the members to use a strong password.

/* That's all, stop editing! Happy publishing. */

What happens in the registration form?

Visitors can only register if they are using password having a strength level >= to the one you defined thanks to the PHP constant.

Otherwise, a JavaScript warning will ask them to use a stronger password and if they force the form submission the server will interrupt the registration process and return an error.

The JavaScript warning will happen before the registration form is submitted and the PHP error once it has been submitted. Below are 2 screenshots zooming on these two user feedbacks.

What happens in the Member’s General Settings screen?

It’s very similar 😁. Your members will only be able to change their old password for a new one having a strength level >= to the one you defined thanks to the PHP constant.

This new behavior is available into the two Template Packs that are included into the BuddyPress plugin: BP Nouveau (on the left in the above gallery) and BP Legacy (on the right in the gallery).

PS: all screenshots were made using the Twenty Twenty-Two theme (WordPress 5.9 next default theme).

#10-0-0, #members, #password

BP 8.0 Introduces Site Membership Invitations

With the release of BuddyPress 8.0, your BuddyPress community can grow organically by referral, attracting new members with personalized invitations from existing members. This feature is deactivated by default but can easily be enabled by visiting the BuddyPress Options screen at WP Admin > Settings > BuddyPress > Options. Enable membership invitations by ticking the checkbox labeled “Allow registered members to invite people to join this network.”

The BuddyPress Options screen, with the new invitations option highlighted.

When invitations are enabled, users can accept an invitation and register for your site even if “Anyone can register” is disabled. This means you can disable public registration and enable invitations to create a site with membership by invitation only. Or, enable public registration and use invitations as just another way to spread the word about your community.

Once invitations are enabled, your members will have access to an Invitations tab in their member profiles. Simply enter a valid email address and optionally add a personalized message to send an invitation to the new potential member via email.

The new member invitations "send invites" screen in a member's profile.

Once invitations are sent, a member can view a list of pending invitations and resend the email or cancel the invitation.

The new member invitations "pending invites" screen in a member's profile.

The invitee receives an email that includes a link to the registration form (with a customized acceptance key that allows access even if public registration is disabled). The message also includes the personalized message from the inviting user and an unsubscribe link which allows the invitee to opt out from future invitations from your site. The email’s content is customizable via the BuddyPress Emails admin interface.

The email sent to the invited user containing a personalized message and acceptance and opt-out links.

If the invitee chooses to accept the invitation, he or she can follow the customized link to the registration form.

The customized registration form that is reached by accepting an invitation.

When a new membership is the result of an invitation, the activity item will be expanded to include the name of the inviter.

The expanded activity item when a new membership is the result of an invitation.

Administration Tools

BuddyPress site admins can also view a list of all invitations and opt-outs from the WP Admin dashboard. The new screens are available at Tools > BuddyPress.

On the “Manage Invitations” screen, site admins can view pending and accepted invitations and choose to resend the email or cancel the invitation.

The WP Admin "Manage Invitation" screen available to BP site admins.

On the “Manage Opt-outs” screen, site admins can see opt-out requests, with a record of what type of email resulted in the opt-out request, and who sent the email. This screen can be used to see if any particular component or plugin or user is abusing the system to send unwanted emails that result in many opt-outs. It is also possible find a specific opt-out by searching for an email address, which is useful, for example, in the case where a user who has previously opted out changes his or her mind and would like to have the opt-out request deleted. Note that the email addresses associated with an opt-out request are hashed before being stored in the database.

The WP Admin "Manage Opt-outs" screen available to BP site admins.

We hope this new feature enriches your BuddyPress commmunity by attracting new, engaged members!

#8-0-0, #invitations, #members