Security Alert: 26 BuddyDev accounts compromized in brute force attack.

BuddyDev

Search

[Resolved] Enforce strong passwords in Buddypress General Settings

  • Participant
    John on May 29, 2021 at 1:02 pm #38882

    Hi. I’m trying to enforce strong passwords across my buddypress/woocommerce site. I was able to enforce strong passwords during account registration via woocommerce, but I don’t know the equivalent action and settings to get buddypress to do the same.
    I wasn’t able to find the answer anywhere. So I thought I would post here. Here is the woocommerce code.

    // Conditional Field validation
add_action( 'woocommerce_register_post', 'conditional_fields_validation', 99999, 3 );
function conditional_fields_validation( $username, $email, $validation_errors ) {

    if ( isset( $_POST['account_password'] ) && !validate_password($_POST['account_password']) )
        $validation_errors->add( 'account_password', __( 'Account Password Error', 'woocommerce' ) );	
	
    return $validation_errors;
}

    Thank you.

  • Keymaster
    (BuddyDev Team)
    Posts: 24706
    Brajesh Singh on May 30, 2021 at 3:16 pm #38892

    Hi John,
    Thank you for the question.

    I am posting a sample code below for the settings page. Please update with your custom validation check.

    

// add validation logic to BuddyPress password update.
add_filter( 'bp_members_validate_user_password', function ( $errors, $pass, $confirm_pass, $userdata ) {
	// already has error.
	if ( $errors->has_errors() ) {
		return $errors;
	}

	// add your validation logic here.
	$is_strong_password = false;// set it to true/false based on your validation logic.

	if ( ! $is_strong_password ) {
		$errors->add( 'weak_password', __( 'Please use strong password.' ) );
	}

	return $errors;
}, 10, 4 );

    You can update the validation logic by using your validate_password to achieve your goal.

    hope that helps.

    Regards
    Brajesh

  • Participant
    Level: Guru
    Posts: 900
    Tosin on May 31, 2021 at 7:27 pm #38903

    Hello

    Is it possible to make the validation (medium password) instead of (strong password)

    Thanks

  • Keymaster
    (BuddyDev Team)
    Posts: 24706
    Brajesh Singh on May 31, 2021 at 7:57 pm #38905

    Hi Tosin,
    Thank you for the question.

    1. Doing server side check does not provide right user experience. So, I do not recommend the above code. The code does not include any validation function, it just lets the implementer define their own logic.

    2. If you still wish to implement server side checkup, you can include this library https://github.com/bjeavons/zxcvbn-php and use it.

    WordPress does not include any php function for testing the password strength currently. It does include the zxcvbn javascript library to test it at the client side(Which BuddyPress already uses).

    Regards
    Brajesh

The topic ‘ [Resolved] Enforce strong passwords in Buddypress General Settings’ is closed to new replies.

This topic is: resolved