Tips

Disable the Password Strength Meter in WooCommerce

It might be better to decrease the password strength, instead?

It’s not necessarily advised, but forcing strong passwords on your WooCommerce store can sometimes deter customers from processing their order. For the average person, the strength at which WooCommerce/Wordpress require their passwords to be is above and beyond anything the customer will remember. Personally, I use 1password to generate and store all of my passwords, so this is not an issue for me, but your customers may not be as tech-savvy.

Disabling strong passwords should be done at your own discretion, but until WordPress make the password strength parameters editable, I imagine many people will want to do it. You can add the following code to your theme’s functions.php file.

/**
 * Remove password strength check.
 */
function iconic_remove_password_strength() {
    wp_dequeue_script( 'wc-password-strength-meter' );
}
add_action( 'wp_print_scripts', 'iconic_remove_password_strength', 10 );

 

Avatar

James is the founder of Iconic and an experienced WooCommerce plugin developer. He has been featured on numerous WordPress publications.

He is a keen photographer and currently shoots using his favourite mirrorless camera, a Fuji X-T20.

13 Responses

Avatar

Hundreds of cart-abandoners later, a client's customer finally cracks - "I almost bought from the other guys, that password thing on your checkout page is nuts."

Thanks for the snippet. Considering that even the most basic password I could possibly be comfortable using was able to pass the built-in security check... it makes me cringe to disable it but what can you do. It just amazes me that people will choose the path of least resistance over the path of most security, even when their financial information is involved :( Thanks again!

Avatar
John Darrel 3 years ago

I think that a better solution would be to prevent password-strength-meter from loading in WordPress at all if the user is not logged in.

add_action( 'wp_default_scripts', function($scripts){
if(!is_user_logged_in()) {
$scripts->remove('password-strength-meter');
}
return $scripts;
} );

Avatar
Luke Cavanagh 4 years ago

Why WP and WC by default loads these JS files as HTTP requests on homepage, seems like something that should be changed. I can understand loading on checkout, my account and lost password.

/woocommerce/assets/js/frontend/password-strength-meter.min.js
/wp-includes/js/zxcvbn-async.min.js
/wp-admin/js/password-strength-meter.min.js

Leave a Reply

Your email address will not be published. Required fields are marked *