Disable password fields for non-admins

So you’ve created a user and added a strong password because you care for your blog’s security? Unfortunately you can’t be sure that the user will keep this strong password since he/she can change it to a much weaker one on his profile page.
This problem can be solved by adding a filter:

if ( is_admin() )
  add_action( 'init', 'disable_password_fields', 10 );

function disable_password_fields() {
  if ( ! current_user_can( 'administrator' ) )
    $show_password_fields = add_filter( 'show_password_fields', '__return_false' );

Now only a user with the administrator role can change the passwords of the users and make sure that they are using strong passwords.





10 responses to “Disable password fields for non-admins”

  1. Latz Avatar

    @steve: Unfortunately the algorithm checking for a strong password treats passwords like “abcdefghiklm” or “1234567890a” or even “————” as strong passwords since they are simply long. Took me only two minutes to figure this out and “normal” users will do so as well and use them (they will!).

    Just checked: “password123” is a strong password, too. Maybe it’s time to think about a better algorithm…

  2. Steve Taylor Avatar

    @Latz, the algorithm is just copied straight from the WP core JavaScript. I’m no expert on password strength algorithms, so if anyone could contribute a better one for the plugin…

  3. Nathan Smith Avatar
    Nathan Smith

    Really very generous of you Latz! I’ve found out its very useful for me. Great put!! Thanks ๐Ÿ™‚

  4. micha Avatar

    And what about the recover-password-dialog, where users can too choose a password themselves?

  5. Beachbum Avatar

    Can this be tweaked for multi-site and superadmin?

  6. GeekPress Avatar

    You can replace this

    “if ( is_admin() )
    add_action( ‘init’, ‘disable_password_fields’, 10 );”


    add_action( ‘admin_init’, ‘disable_password_fields’, 10 );

  7. Adrian Avatar

    Good suggestion to overcome password related issue. Adding filter is a clever concept. Really liked that. Will try it myself and how it works. Thanks for the tip off!

  8. Diije Avatar

    My only issue : it can be very useful to change passwords once in a while, isn’t it ? With this hack, it’s impossible.
    However, great trick, it gave me some ideas ๐Ÿ™‚

  9. Rajesh Namase Avatar

    Thanks for this code, really helpful for me.