Password Strength Meter Customization
WooCommerce has a built-in password strength meter, which you can find for example in My Account – Account details. And as everything else in WooCommerce, it has a pretty neat customization with hooks.
Here is how it looks and works by default:
WooCommerce password strength meter is only applied to the following fields:
form.register #reg_password– registration form when customers allowed to choose passwords,form.checkout #account_password– checkout form when customers allowed to choose passwords,form.edit-account #password_1– on My Account – Account Details page,form.lost_reset_password #password_1– on reset password page.
These selectors are hard-coded into password-strength-meter.min.js so there is no easy way to add any other fields here.
How to Change Minimum Password Strength Required
On the screenshot above you may see that the button “Save changes” becomes active only when a password with minimum “Medium” strength is entered.
Okay, woocommerce_min_password_strength hook allows to change that. You can configure it the way that any passwords will be accepted or only strong passwords will be allowed – just as you want.
/**
* Change the strength requirement for WooCommerce passwords
*
* @author Misha Rudrastyh
* @url https://rudrastyh.com/woocommerce/password-strength-meter.html#change-minimum-strength
*
* Strength Settings
* 4 = Strong
* 3 = Medium (default)
* 2 = Also Weak but a little bit stronger
* 1 = Password should be at least Weak
* 0 = Very Weak / Anything
*/
add_filter( 'woocommerce_min_password_strength', 'misha_change_password_strength' );
function misha_change_password_strength( $strength ) {
return 4;
}I set the minimum strength to 4 which means that medium-strength passwords are not enough and only strong-strength passwords will be accepted.
Another extreme is to set 0 or 1 in the hook if you want for example WooCommerce password strength change to 6 chars. But I think, if you would like to allow weak passwords, pass at least 2 strength value in the hook.
And there is also an alternate way of changing the minimum required password strength, can be done with woocommerce_get_script_data filter hook. I recommend the first way anyway, but I will leave the below snippet here for completeness.
/**
* Change minimum password strength requirement
*
* @author Misha Rudrastyh
* @url https://rudrastyh.com/woocommerce/password-strength-meter.html#change-minimum-strength
*/
add_filter( 'woocommerce_get_script_data', 'misha_change_password_strength_2', 99 );
function misha_change_password_strength_2( $params, $handle ) {
if( 'wc-password-strength-meter' === $handle ) {
$params[ 'min_password_strength' ] = 4;
}
return $params;
}Custom Password Error Messages
In this part I am going to introduce you two hooks – woocommerce_get_script_data and wp_enqueue_scripts that allow to change the messages that will be displayed to users indicating the strength of passwords entered.
add_filter( 'woocommerce_get_script_data', 'misha_strength_meter_settings', 20, 2 );
function misha_strength_meter_settings( $params, $handle ) {
if( 'wc-password-strength-meter' === $handle ) {
$params[ 'i18n_password_error' ] = 'Do not you want to be protected? Make it stronger!';
$params[ 'i18n_password_hint' ] = 'Yes, I know, it is simple to use the same weak password each time for all websites you use. I\'m sorry, but I won\'t let you do so, just because I care about your account security. Please make your password at least 7 characters long and use a mix of UPPER and lowercase letters, numbers, and symbols (e.g., ! " ? $ % ^ & ).';
}
return $params;
}Hook woocommerce_get_script_data can also be used to set a minimum password strength and to disable checkout with weak passwords.
If you just want to change a password hint, consider using password_hint filter for that.
And also we can change “Weak”, “Medium”, “Strong” messages!
add_action( 'wp_enqueue_scripts', 'misha_password_messages', 9999 );
function misha_password_messages() {
wp_localize_script(
'wc-password-strength-meter',
'pwsL10n',
array(
'short' => 'Too short',
'bad' => 'Too bad',
'good' => 'Better but not enough',
'strong' => 'Better',
'mismatch' => 'Your passwords do not match, please re-enter them.'
)
);
}My result:
Remove Password Strength Meter
If you do not really care what passwords your customers are going to use, insert the following piece of code to your current theme functions.php or a custom plugin.
/**
* Remove the password strength meter script from the scripts queue
*
* @author Misha Rudrastyh
* @url https://rudrastyh.com/woocommerce/password-strength-meter.html#deactivate
*/
add_action( 'wp_enqueue_scripts', 'misha_deactivate_pass_strength_meter', 10 );
function misha_deactivate_pass_strength_meter() {
wp_dequeue_script( 'wc-password-strength-meter' );
}The password strength meter will be deactivated in My account, Checkout, Registration and Lost password pages.
It doesn’t affect standard WordPress register or admin pages by the way. But you could’ve guessed it by the script name, that starts with wc-.
Misha Rudrastyh
Hey guys and welcome to my website. For more than 10 years I've been doing my best to share with you some superb WordPress guides and tips for free.
Need some developer help? Contact me
hi, the above code works great.
how would you change it for the reset password page, that one still calls for a hard password.
Hey,
I suppose you mean default WordPress password reset pages. There is a completely different password strength meter script is being used ;)
Hi there… I’m getting the following warning that’s filling up my log file when I use this code. Any ideas why $Data isn’t being passed through as an Array?
PHP Warning: array_merge(): Argument #1 is not an array in /home/…/functions.php on line 228
Hi,
Hmm.. for me it works without warnings. Try to
print_r( $data )and look what is inside.Lots of people are with woo 3.3+ I’ve changed the code to use the supported approach now. Since this method is deprecated.
Yes, you’re right.
I replaced the deprecated
wc_password_strength_meter_paramsfilter hook with the actual onewoocommerce_get_script_data.Thanks for your comment.
I just leave the old code here for anyone who are using the old WooCommerce version.
More info about the deprecated hooks replacement is in this tutorial.
Hi
I need password length strong for ‘8’, can anyone help me where I need to change please?
Thanks man. It worked perfectly on the latest woocommerce as of today.
So Simple :-)
Hi,
is it possible to disable the checkout button if the password is not strong enough? Currently the password strength meter is shown but customer can still checkout.
Thanks,
Kate
Hi Kate,
Yep, you can do it with
woocommerce_get_script_dataas well. Example:Or with
woocommerce_enforce_password_strength_meter_on_checkout.Hello Misha, first thank you, your blog is awesome.
Im having problem with registration and checkout password validation.
Even though meter appears requesting strong password, if i type 1234 (thats a very weak one) im able to register or checkout. I mean, there is no validation if its weak or not, it seems like the meter is useless as the user can input anything and still be able to register/checkout.
The only page where password validation works like your example is when the person gets a reset password email.
How can I enable password validation in registration and checkout just like reset pass page and as in your example?
Thanks
Can I put the removal of the password into snippets (plugin for making plugins)
Sure