WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#5404 closed enhancement (duplicate)

Add pluggable function to enforce password strength

Reported by: pishmishy Owned by: pishmishy
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords: has-patch
Focuses: Cc:

Description

Patch adds an extra option (disabled by default) to force users to chose secure passwords. A plugin replaceable function is called at the appropriate time to check the strength of the password. I realize that this functionality could be achieved through a plugin but I'd like to make the case that the extra security gained against brute force attacks makes it worth including. See also #4470 (Ideally I should really rewrite the function to replicate that javascript function).

Attachments (1)

5404.patch (3.8 KB) - added by pishmishy 6 years ago.

Download all attachments as: .zip

Change History (6)

pishmishy6 years ago

comment:1 pishmishy6 years ago

  • Keywords has-patch added

Ignore my comment on #4470. With after thought I don't think that Javascript function isn't great. checkRepetition() isn't well documented, the algorithm isn't clear (why check for symbols, numbers and then again for symbols and numbers - surely the score would take that into account naturally?).

Preferring my patch for now.

comment:2 pishmishy6 years ago

  • Status changed from new to assigned

comment:3 darkdragon6 years ago

Well, since you are doing this, then ignore my other comment.

comment:4 JDTrower6 years ago

A patch has been posted on #4470 that includes the functionality requested in this ticket. That patch needs testing.

comment:5 pishmishy6 years ago

  • Milestone 2.6 deleted
  • Resolution set to duplicate
  • Status changed from assigned to closed

Thanks. Closing as duplicate of 4470.

Note: See TracTickets for help on using tickets.