@henrywright
Could not get it to work. I ‘fixed’ it by removing the whole option for users to change their password. If they want to change it, they can use the lost password option. That does work with wordpress security plugins.
I tried your code and it does not work for password strength, when users try to change their password on the front-end.
I also tried to change it to signup_password, but that also does not work. It seems to only work on signup and not once members are logged in and try to change their password. This is the code I used.
function my_validation() {
global $bp;
if ( !empty( $_POST['signup_password'] ) )
if ( strlen( $_POST['signup_password'] ) < 9 )
$bp->signup->errors['signup_password'] = __( 'Your password is not strong enough and needs to be at least 9 characters long', 'buddypress' );
}
add_action( 'bp_signup_validate', 'my_validation');
Thank you for the extra explanation. I don’t understand how adding a code to set the minimum number of signup_username characters, makes sure that the passwords has a minimum strength.
I tested it on my site and on a clean installation and both do not work on members/member_name/settings/ . Users do see a password strength meter, but can still change their password into something simple as 1 or A. How did you get it to work on members/member_name/settings/?
With WordPress there are many plugins (none that work with buddypress frond-end settings page) that set a minimum strength for passwords. Such as Login Security Solution and iThemes Security. You can force users to change their password or set an amount of days when users must change their password.
It seems like a major security problems (that has existed for a few years) that Buddypress allows simple passwords such as 1 and A on members/member_name/settings/
@henrywright
Isn’t that based on the availability of the user name and not on the password strength.
@danbp
That plugin does not seem to work on the user settings page, where users can change their password..
The second link you send me, where things I tried before posting this question. None seem to work. Users can still change their password to something like A or 1 in the front-end user settings page.
I have been looking at buddypress since version 1 and every time I hope for improvement and every time get disappointed at the focus of the developers.
Most of the strength that wordpress has, buddypress is lacking. It’s not simple and user friendly and lacks basic needs for a forum community. In more than 1 year buddypress has only 187 member. Too bad.
I wish I was a great coder like the people behind wordpress, but I am not. If I was I would definitely contribute to buddypress.
I am suprised that such a basic feature of having a global forum is not part of buddypress.
@gregfielding
I don’t see any other plugin that they offer and I need. So 30$ for having a basic feature such as a forum is not inexpensive to me! phpBB has been free for over 10 years and offers much more than just a global forum.
