Enforce strong passwords in WordPress, optimize password strength estimator

Steven     03.06.2021

Enforce strong passwords

An easy way to enforce strong passwords in WordPress is to remove the ‘confirm weak password’ checkbox. Every user then has to enter a strong password before they can continue whenever they change or reset a password (for example, after forgetting it). Existing passwords are not affected: nobody is forced to change a password they already have. Add this code to your theme’s functions.php:

function hide_weak_password() {
  // remove the 'confirm weak password' link from the password reset dialog ?>
  <script>
    document.addEventListener("DOMContentLoaded", function(event) { 
      var elements = document.getElementsByClassName('pw-weak');
      var requiredElement = elements[0];
      if(requiredElement){
        requiredElement.remove();
      }
    });
</script>
<?php }
add_action( 'login_enqueue_scripts', 'hide_weak_password' );

Optimize password strength estimator

WordPress uses the popular zxcvbn password strength estimator to indicate password strength. Because this script is fairly heavy, it makes sense to load it only on the login and user profile screens and disable it on all other pages. Add the code below to functions.php as well:

// disable default loading of password strength script, except on profile and login pages
function deregister_password_script() {
  if ($GLOBALS['pagenow'] != 'wp-login.php' && $GLOBALS['pagenow'] != 'profile.php') {
    wp_dequeue_script('zxcvbn-async');
    wp_deregister_script('zxcvbn-async'); 
  }
}
add_action('wp_print_scripts', 'deregister_password_script', 100);
