Make WordPress Core

Opened 15 months ago

Last modified 15 months ago

#40233 new defect (bug)

Password policy is not applied to new registrations

Reported by: robdxw Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.3
Component: Login and Registration Keywords: needs-patch needs-screenshots
Focuses: ui Cc:


If you create a new user from within the admin panel, or are an existing user modifying your password, you are required to tick the "Confirm use of weak password" box if you override the default generated password with a weak one of your own choosing.

However, if you are registering as a new user, you are free to create a weak password without having to tick any such box.

The policy should be applied consistently in both places.

Change History (2)

#1 @johnbillion
15 months ago

  • Focuses ui added
  • Keywords needs-patch needs-screenshots added
  • Version changed from 4.7 to 4.3

Related: #33167

#2 @lukecavanagh
15 months ago

wp-admin/user-edit.php wp-admin/user-new.php

Class pw-checkbox

Would be the two spots where that is used currently.

Note: See TracTickets for help on using tickets.