Password Strength Meter Customization

WooCommerce has a built-in password strength meter, which you can find for example in My Account – Account details. And as everything else in WooCommerce, it has a pretty neat customization with hooks.

Here is how it looks and works by default:

WooCommerce password strength method in Storefront theme
The button becomes active with Medium password strength.

WooCommerce password strength meter is only applied to the following fields:

  • form.register #reg_password – registration form when customers allowed to choose passwords,
  • form.checkout #account_password – checkout form when customers allowed to choose passwords,
  • form.edit-account #password_1 – on My Account – Account Details page,
  • form.lost_reset_password #password_1 – on reset password page.

These selectors are hard-coded into password-strength-meter.min.js so there is no easy way to add any other fields here.

How to Change Minimum Password Strength Required

On the screenshot above you may see that the button “Save changes” becomes active only when a password with minimum “Medium” strength is entered.

Okay, woocommerce_min_password_strength hook allows to change that. You can configure it the way that any passwords will be accepted or only strong passwords will be allowed – just as you want.

/**
 * Change the strength requirement for WooCommerce passwords
 *
 * @author Misha Rudrastyh
 * @url https://rudrastyh.com/woocommerce/password-strength-meter.html#change-minimum-strength
 *
 * Strength Settings
 * 4 = Strong
 * 3 = Medium (default) 
 * 2 = Also Weak but a little bit stronger 
 * 1 = Password should be at least Weak
 * 0 = Very Weak / Anything
 */
add_filter( 'woocommerce_min_password_strength', 'misha_change_password_strength' );

function misha_change_password_strength( $strength ) {
	 return 4;
}

I set the minimum strength to 4 which means that medium-strength passwords are not enough and only strong-strength passwords will be accepted.

change minimum password strength in WooCommerce

Another extreme is to set 0 or 1 in the hook if you want for example WooCommerce password strength change to 6 chars. But I think, if you would like to allow weak passwords, pass at least 2 strength value in the hook.

And there is also an alternate way of changing the minimum required password strength, can be done with woocommerce_get_script_data filter hook. I recommend the first way anyway, but I will leave the below snippet here for completeness.

/**
 * Change minimum password strength requirement
 *
 * @author Misha Rudrastyh
 * @url https://rudrastyh.com/woocommerce/password-strength-meter.html#change-minimum-strength
 */
add_filter( 'woocommerce_get_script_data', 'misha_change_password_strength_2', 99 );

function misha_change_password_strength_2( $params, $handle ) {
	if( 'wc-password-strength-meter' === $handle ) {
		$params[ 'min_password_strength' ] = 4;
	}
	return $params;
}

Custom Password Error Messages

In this part I am going to introduce you two hooks – woocommerce_get_script_data and wp_enqueue_scripts that allow to change the messages that will be displayed to users indicating the strength of passwords entered.

add_filter( 'woocommerce_get_script_data', 'misha_strength_meter_settings', 20, 2 );

function misha_strength_meter_settings( $params, $handle  ) {

	if( 'wc-password-strength-meter' === $handle ) {
		$params[ 'i18n_password_error' ] = 'Do not you want to be protected? Make it stronger!';
		$params[ 'i18n_password_hint' ] = 'Yes, I know, it is simple to use the same weak password each time for all websites you use. I\'m sorry, but I won\'t let you do so, just because I care about your account security. Please make your password at least 7 characters long and use a mix of UPPER and lowercase letters, numbers, and symbols (e.g.,  ! " ? $ % ^ & ).';
	}
	
	return $params;

}

Hook woocommerce_get_script_data can also be used to set a minimum password strength and to disable checkout with weak passwords.

If you just want to change a password hint, consider using password_hint filter for that.

And also we can change “Weak”, “Medium”, “Strong” messages!

add_action( 'wp_enqueue_scripts',  'misha_password_messages', 9999 );

function misha_password_messages() {

	wp_localize_script( 
		'wc-password-strength-meter', 
		'pwsL10n', 
		array(
			'short' => 'Too short',
			'bad' => 'Too bad',
			'good' => 'Better but not enough',
			'strong' => 'Better',
			'mismatch' => 'Your passwords do not match, please re-enter them.'
		)
	);
    
}

My result:

WooCommerce password strength meter customization

Remove Password Strength Meter

If you do not really care what passwords your customers are going to use, insert the following piece of code to your current theme functions.php or a custom plugin.

/**
 * Remove the password strength meter script from the scripts queue
 *
 * @author Misha Rudrastyh
 * @url https://rudrastyh.com/woocommerce/password-strength-meter.html#deactivate
 */
add_action( 'wp_enqueue_scripts', 'misha_deactivate_pass_strength_meter', 10 );
function misha_deactivate_pass_strength_meter() {

	wp_dequeue_script( 'wc-password-strength-meter' );
	
}

The password strength meter will be deactivated in My account, Checkout, Registration and Lost password pages.

It doesn’t affect standard WordPress register or admin pages by the way. But you could’ve guessed it by the script name, that starts with wc-.

Misha Rudrastyh

Misha Rudrastyh

Hey guys and welcome to my website. For more than 10 years I've been doing my best to share with you some superb WordPress guides and tips for free.

Need some developer help? Contact me

Follow me on X