Password Strength Meter Customization in WooCommerce
On the screenshot below you can see how the password strength meter works by default.
And the below code allows to change that. You can configure it the way that any passwords will be accepted or only strong passwords will be allowed – just as you want.
/**
* Change the strength requirement on the woocommerce password
*
* Strength Settings
* 4 = Strong
* 3 = Medium (default)
* 2 = Also Weak but a little stronger
* 1 = Password should be at least Weak
* 0 = Very Weak / Anything
*/
add_filter( 'woocommerce_min_password_strength', 'misha_change_password_strength' );
function misha_change_password_strength( $strength ) {
return 4;
}
I decided to ask users for the most strongest passwords here.
By the way, there is another action hook that allows to set the minimum accepted passwords strength. And with this hook you can also change the password error message and the hint.
add_filter( 'woocommerce_get_script_data', 'misha_strength_meter_settings', 20, 2 );
function misha_strength_meter_settings( $params, $handle ) {
if( $handle === 'wc-password-strength-meter' ) {
$params = array_merge( $params, array(
'min_password_strength' => 4,
'i18n_password_error' => 'Do not you want to be protected? Make it stronger!',
'i18n_password_hint' => 'Yes, I know, it is simple to use the same weak password each time for all websites you use. I\'m sorry, but I won\'t let you do so, just because I care about your account security. Please make your password at least 7 characters long and use a mix of UPPER and lowercase letters, numbers, and symbols (e.g., ! " ? $ % ^ & ).'
) );
}
return $params;
}
And we can also change “Weak”, “Medium”, “Strong” messages! Let’s do it.
add_action( 'wp_enqueue_scripts', 'misha_password_messages', 9999 );
function misha_password_messages() {
wp_localize_script( 'wc-password-strength-meter', 'pwsL10n', array(
'short' => 'Too short',
'bad' => 'Too bad',
'good' => 'Better but not enough',
'strong' => 'Better',
'mismatch' => 'Your passwords do not match, please re-enter them.'
) );
}
My result:
Completely Deactivate Password Strength Meter
If you do not care at all what passwords your customers will use, insert the following piece of code to your current theme functions.php and that’s all you need to do.
/**
* Remove the password strength meter script from the scripts queue
* you can also use wp_print_scripts hook
*/
add_action( 'wp_enqueue_scripts', 'misha_deactivate_pass_strength_meter', 10 );
function misha_deactivate_pass_strength_meter() {
wp_dequeue_script( 'wc-password-strength-meter' );
}
The password strength meter will be deactivated on both My Account and Checkout pages.
Misha Rudrastyh
I develop websites since 2008, so it is total of 13 years of experience, oh my gosh. Most of all I love love love to create websites with WordPress and Gutenberg, some ideas and thoughts I share throughout my blog.
Need some developer help? Contact me
hi, the above code works great.
how would you change it for the reset password page, that one still calls for a hard password.
Hi,
I never did that 🙃
Hi there… I’m getting the following warning that’s filling up my log file when I use this code. Any ideas why $Data isn’t being passed through as an Array?
PHP Warning: array_merge(): Argument #1 is not an array in /home/…/functions.php on line 228
Hi,
Hmm.. for me it works without warnings. Try to
print_r( $data )and look what is inside.Lots of people are with woo 3.3+ I’ve changed the code to use the supported approach now. Since this method is deprecated.
Yes, you’re right.
I replaced the deprecated
wc_password_strength_meter_paramsfilter hook with the actual onewoocommerce_get_script_data.Thanks for your comment.
I just leave the old code here for anyone who are using the old WooCommerce version.
add_filter( 'wc_password_strength_meter_params', 'misha_strength_meter_settings' ); function misha_strength_meter_settings( $data ) { return array_merge( $data, array( 'min_password_strength' => 4, 'i18n_password_error' => 'Do not you want to be protected? Make it stronger!', 'i18n_password_hint' => 'some hint' ) ); }More info about the deprecated hooks replacement is in this tutorial.
Hi i use your code in my active child theme but nothing happen
http://7generation.ma/my-account/
it’s not displaying any meter
can you check
Hi
I need password length strong for ‘8’, can anyone help me where I need to change please?
Thanks man. It worked perfectly on the latest woocommerce as of today.
So Simple :-)
Hi,
is it possible to disable the checkout button if the password is not strong enough? Currently the password strength meter is shown but customer can still checkout.
Thanks,
Kate
Hi Kate,
Strange, for me it already works by default:
But you could try to get the password strength and depending on it do whatever you want 🙃
Hello Misha, first thank you, your blog is awesome.
Im having problem with registration and checkout password validation.
Even though meter appears requesting strong password, if i type 1234 (thats a very weak one) im able to register or checkout. I mean, there is no validation if its weak or not, it seems like the meter is useless as the user can input anything and still be able to register/checkout.
The only page where password validation works like your example is when the person gets a reset password email.
How can I enable password validation in registration and checkout just like reset pass page and as in your example?
Thanks
Can I put the removal of the password into snippets (plugin for making plugins)