So you’ve created a user and added a strong password because you care for your blog’s security? Unfortunately you can’t be sure that the user will keep this strong password since he/she can change it to a much weaker one on his profile page.
This problem can be solved by adding a filter:
if ( is_admin() ) add_action( 'init', 'disable_password_fields', 10 ); function disable_password_fields() { if ( ! current_user_can( 'administrator' ) ) $show_password_fields = add_filter( 'show_password_fields', '__return_false' ); }
Now only a user with the administrator role can change the passwords of the users and make sure that they are using strong passwords.
Comments
10 responses to “Disable password fields for non-admins”
Alternatively, http://wordpress.org/extend/plugins/force-strong-passwords/ ๐
@steve: Unfortunately the algorithm checking for a strong password treats passwords like “abcdefghiklm” or “1234567890a” or even “————” as strong passwords since they are simply long. Took me only two minutes to figure this out and “normal” users will do so as well and use them (they will!).
Just checked: “password123” is a strong password, too. Maybe it’s time to think about a better algorithm…
@Latz, the algorithm is just copied straight from the WP core JavaScript. I’m no expert on password strength algorithms, so if anyone could contribute a better one for the plugin…
Really very generous of you Latz! I’ve found out its very useful for me. Great put!! Thanks ๐
And what about the recover-password-dialog, where users can too choose a password themselves?
Can this be tweaked for multi-site and superadmin?
You can replace this
“if ( is_admin() )
add_action( ‘init’, ‘disable_password_fields’, 10 );”
by
add_action( ‘admin_init’, ‘disable_password_fields’, 10 );
Good suggestion to overcome password related issue. Adding filter is a clever concept. Really liked that. Will try it myself and how it works. Thanks for the tip off!
My only issue : it can be very useful to change passwords once in a while, isn’t it ? With this hack, it’s impossible.
However, great trick, it gave me some ideas ๐
Thanks for this code, really helpful for me.