How to stop people using a weak password in WordPress

I was once with a client who changed their password for a government website to “password2016” and the website let them do it too! Thankfully,
Wordpress gives you a message to warn a user that a password is weak, but it allows users to check a box to override the warning. Noooooo!

I don’t want to allow users to create weak passwords, so what I want is that line “Confirm Password”, allowing a user to use a weak password to be disabled. Like so…

Turns out it is pretty simple to do with some CSS and javascript.


Stops the line appearing and this javascript snippet

document.getElementById("pw-checkbox").disabled = true;

ensures the checkbox is disabled.

Add this to your theme, or use this simple and lightweight plugin I created to block the creation of weak passwords on WordPress. Right click to download and upload to your website plugins and activate.

You may want to force all current users to have strong passwords at the same time, by using my emergency password reset plugin.

4 Comments on “How to stop people using a weak password in WordPress”

  • Harthwell July 22nd, 2019 9:36 am

    Hi. Could it be possible, also that the same feature is applicable in WP password reset on front end?

  • Andy Moyle July 22nd, 2019 7:56 pm

    Yes it is!

  • yumigo July 24th, 2019 1:59 pm

    Helpful and time saving plugin

    Just note a typo in the plugin code, the closing tag should be instead of

    so the line should look like

    Second, if you want the same behaviour onto the login page, just add
    add_action(‘login_init’, ‘no_weak_password_header’);

    above add_action(‘admin_head’, ‘no_weak_password_header’);

  • Andy Moyle November 3rd, 2019 7:55 pm

    Thanks, I’ve updated the plugin above!

Leave a Reply