120px-Crystal_Clear_Password

Disable password fields for non-admins

So you've created a user and added a strong password because you care for your blog's security? Unfortunately you can't be sure that the user will keep this strong password since he/she can change it to a much weaker one on his profile page.
This problem can be solved by adding a filter:

if ( is_admin() )
  add_action( 'init', 'disable_password_fields', 10 );

function disable_password_fields() {
  if ( ! current_user_can( 'administrator' ) )
    $show_password_fields = add_filter( 'show_password_fields', '__return_false' );
}

Now only a user with the administrator role can change the passwords of the users and make sure that they are using strong passwords.

Comments are closed.

10 comments

  1. Steve Taylor

    Alternatively, http://wordpress.org/extend/plugins/force-strong-passwords/ 🙂

  2. Latz

    @steve: Unfortunately the algorithm checking for a strong password treats passwords like "abcdefghiklm" or "1234567890a" or even "------------" as strong passwords since they are simply long. Took me only two minutes to figure this out and "normal" users will do so as well and use them (they will!).

    Just checked: "password123" is a strong password, too. Maybe it's time to think about a better algorithm...

  3. Steve Taylor

    @Latz, the algorithm is just copied straight from the WP core JavaScript. I'm no expert on password strength algorithms, so if anyone could contribute a better one for the plugin...

  4. Nathan Smith

    Really very generous of you Latz! I've found out its very useful for me. Great put!! Thanks 🙂

  5. micha

    And what about the recover-password-dialog, where users can too choose a password themselves?

  6. Beachbum

    Can this be tweaked for multi-site and superadmin?

  7. GeekPress

    You can replace this

    "if ( is_admin() )
    add_action( 'init', 'disable_password_fields', 10 );"

    by

    add_action( 'admin_init', 'disable_password_fields', 10 );

  8. Adrian

    Good suggestion to overcome password related issue. Adding filter is a clever concept. Really liked that. Will try it myself and how it works. Thanks for the tip off!

  9. Diije

    My only issue : it can be very useful to change passwords once in a while, isn't it ? With this hack, it's impossible.
    However, great trick, it gave me some ideas 🙂

  10. Rajesh Namase

    Thanks for this code, really helpful for me.