Decrease the Strength Required for your WooCommerce Passwords

by Dave Green — May 1, 2017

Iconic /The Iconic Blog /WooCommerce Tutorials /Decrease the Strength Required for your WooCommerce Passwords

Following on from the post “Disable the Password Strength Meter in WooCommerce“, it turns out it’s actually possible to decrease the strength required for your customers passwords. This is likely a much better option than disabling it completely, in most scenarios.

The default strength is 3, and can range from 0 (non-existent) to 5 (ridiculously strong). You can change this by adding the following filter in you functions.php file, or adding the code using the Code Snippets plugin:

/**
 * Change min password strength.
 *
 * @author James Kemp (Iconic)
 * @link http://iconicwp.com/decrease-strength-required-woocommerce-passwords/
 * @param int $strength
 * @return int
 */
function iconic_min_password_strength( $strength ) {
    return 2;
}

add_filter( 'woocommerce_min_password_strength', 'iconic_min_password_strength', 10, 1 );

.replybox-fallback, .replybox-fallback ul { list-style: none; }

Excellent!!! Thanks heaps, this is perfect. Now to figure out changing the text on the password hint.

Is this still working?

James Kemp says:

May 15, 2018 at 9:42 am

Yep!

Reply

An author/credit comment in a 1 line function that’s just “return 2”?

James Kemp says:

March 26, 2019 at 2:27 pm

You’re welcome to remove it 😉

It’s mainly for your own reference when you come back to code later down the line.

Reply

Thank you James!!

New WooCommerce user here.
We are taking phone orders and creating users for the customer.
It would seem that 8 digits with a mix of upper lower case, numbers and characters would be sufficient but I see Woo is calling this out as weak.
What is the danger of a “weak” password for an individual customer?
Of course they don’t have admin access to the site.

Also in a github exchange Jonathan Crowell commented: “Is it possible to give me rundown on what the difference is between 3, 2, and 1. Is it just character length or something else? I have a popup instructing the user about password strength that I’d like to update with the correct info. thanks for this though, just what I was looking for”

I would love to know the answer to that.

Added it to my functions.php of my child theme and it is still asking me for 12 characters in the password field. Is there a way to lower the required character count or modify this warning message? Thanks James

Nathan Smeltzer says:

November 20, 2019 at 10:13 pm

Hey Eddie. Here’s the filter:

add_filter(‘password_hint’, ‘change_password_hint’);
function change_password_hint( $hint ) {
return __( ‘Hint: Your new password hint.’ );
}

Now to figure out the exact length/complexity for each password strength value…

Reply