Enforce strong passwords in WordPress, optimize password strength estimator

Steven     03.06.2021

Enforce strong passwords

A very easy way to enforce strong passwords in WordPress is to remove the ‘confirm weak password’ checkbox. Without it, all users, by default, have to enter a strong password before they can continue whenever they change their password (e.g. after forgetting it). Existing passwords are not forced to change this way. Add this code to your theme’s functions.php:

// Remove the 'confirm weak password' checkbox from the password reset dialog.
function hide_weak_password() {
  ?>
  <script>
    document.addEventListener("DOMContentLoaded", function() {
      var elements = document.getElementsByClassName('pw-weak');
      var requiredElement = elements[0];
      if (requiredElement) {
        requiredElement.remove();
      }
    });
  </script>
  <?php
}
add_action( 'login_enqueue_scripts', 'hide_weak_password' );
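
The script above only changes the form in the browser; the server still accepts whatever password the form submits. As an added example (not code from the original post), the same rule can be checked server-side on the reset and profile flows. The function names and the length and character-class policy are assumptions, not a port of zxcvbn:

```php
// Added example: hypothetical helper names and policy; adjust to your own rules.
// Returns an error message, or '' when the password satisfies the policy.
function example_password_policy_error( $password, $user_login = '' ) {
  if ( mb_strlen( $password ) < 12 ) {
    return 'Password must be at least 12 characters long.';
  }
  // Count which character classes are present: lower, upper, digit, other.
  $classes = 0;
  foreach ( array( '/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/' ) as $pattern ) {
    $classes += preg_match( $pattern, $password );
  }
  if ( $classes < 3 ) {
    return 'Password must mix at least three of: lowercase, uppercase, digits, symbols.';
  }
  if ( '' !== $user_login && false !== stripos( $password, $user_login ) ) {
    return 'Password must not contain the username.';
  }
  return '';
}

// Password reset form on wp-login.php: the new password arrives as $_POST['pass1'].
function example_check_reset_password( $errors, $user ) {
  if ( empty( $_POST['pass1'] ) || ! ( $user instanceof WP_User ) ) {
    return; // The form is only being displayed, or the reset key was invalid.
  }
  // WordPress adds slashes to request data; remove them before measuring.
  $password = wp_unslash( $_POST['pass1'] );
  $message  = example_password_policy_error( $password, $user->user_login );
  if ( '' !== $message ) {
    $errors->add( 'weak_password', $message );
  }
}
add_action( 'validate_password_reset', 'example_check_reset_password', 10, 2 );

// Profile and user-edit screens: user_pass is only set when a new password was entered.
function example_check_profile_password( $errors, $update, $user ) {
  if ( empty( $user->user_pass ) ) {
    return;
  }
  $login   = isset( $user->user_login ) ? wp_unslash( $user->user_login ) : '';
  $message = example_password_policy_error( wp_unslash( $user->user_pass ), $login );
  if ( '' !== $message ) {
    $errors->add( 'weak_password', $message );
  }
}
add_action( 'user_profile_update_errors', 'example_check_profile_password', 10, 3 );
```

Any error added to `$errors` stops the password from being saved and is shown on the form.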

Optimize password strength estimator

WordPress uses the popular zxcvbn password strength estimator to indicate password strength. Because this script is not lightweight, it makes sense to disable it on all pages except the login and user profile screens. Add the code below to functions.php as well:

// Disable default loading of the password strength script, except on login and profile pages.
function deregister_password_script() {
  // user-edit.php is the profile screen shown when editing another user.
  $keep_on = array( 'wp-login.php', 'profile.php', 'user-edit.php' );
  if ( ! in_array( $GLOBALS['pagenow'], $keep_on, true ) ) {
    wp_dequeue_script( 'zxcvbn-async' );
    wp_deregister_script( 'zxcvbn-async' );
  }
}
add_action( 'wp_print_scripts', 'deregister_password_script', 100 );
