Require stronger password for Give Registration #1305
If a donor creates an account, they can currently use the password "123" or "ABC" and it will be accepted. Even though the only data put at risk there is their own donation information, it is a best security practice to enforce strong passwords. Third-party security plugins provide a way to enforce stronger passwords, and even core itself does not allow users to create accounts in some cases without more secure passwords.
Core itself has a method to warn of weak passwords in wp-includes/script-loader.php line 403. (And I couldn't find one, but I know it prevents admins from creating weak passwords in the setup/install process.)
Users should be warned (at least) or prevented (at best) when using a weak password.
Currently, any password is accepted.
See how Core handles it, and consider adding in the password-strength-meter found in Core.
@DevinWalker @mathetos @ravinderk Here is how the password strength meter will look in the donation form having registration. Also, I think we should keep the Donate button enabled even if the password entered is weak, because it is a matter of choice for the user, so forcing the user to enter a strong password should not be the case. For such a case, we can have a checkbox to fill in, similar to the default WordPress password strength meter. Please let me know your views on the same.
I actually think we should just use WordPress' default Strong Password auto-generator, and implement this as part of this issue:
At the end of the day, the donor shouldn't have to think about a password at all. If they CHOOSE to change the password, then these colored indicators can come into place.