How to stop people using a weak password in WordPress

I was once with a client who changed their password for a government website to “password2016” and the website let them do it too! Thankfully,
Wordpress gives you a message to warn a user that a password is weak, but it allows users to check a box to override the warning. Noooooo!

I don’t want to allow users to create weak passwords, so what I want is that line “Confirm Password”, allowing a user to use a weak password to be disabled. Like so…

Turns out it is pretty simple to do with some CSS and javascript.

.pw-weak{display:none}

Stops the line appearing and this javascript snippet

document.getElementById("pw-checkbox").disabled = true;

ensures the checkbox is disabled.

Add this to your theme, or use this simple and lightweight plugin I created to block the creation of weak passwords on WordPress. Right click to download and upload to your website plugins and activate.

You may want to force all current users to have strong passwords at the same time, by using my emergency password reset plugin.