這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

Password Strength Settings for WooCommerce

外掛說明

透過強制使用強度更強的密碼及額外控制密碼強度需求,提升 WooCommerce 網站的安全性。

What does this plugin do?

WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, please read the documentation here.

What’s New?

Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.

Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. However, if you notice any issues then please reach out via the contact form on my website.

Notes

While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – especially for administrators!

Planned Features

  • Option to remove “- Please enter a stronger password.” that is added by WordPress.
  • Nothing else at the moment, but let me know if you have any ideas.

安裝方式

  1. Download the plugin & install it to your wp-content/plugins folder (or use the Plugins menu through the WordPress Administration section)
  2. Activate the plugin
  3. Navigate to WooCommerce > Settings > Accounts and edit the fields at the bottom. There, you can choose the strength of the required passwords as well as change the messaging that appears as a user enters their password, change colors, and change any password guidelines.
  4. Save and enjoy!

常見問題集

Q: What does each level do?

A: The levels range from 0 (lowest) to 4 (highest). As passwords are typed, the strength meter will dynamically update – this will disable the “Sign Up” button until the requirements have been met. It should be noted that Level 0 accepts any password, so messaging isn’t shown (and therefore doesn’t have admin fields).

Q: Where does this meter show up?

A: This should appear wherever the Password Strength Meter appears – in the “My Account” page or during Checkout.

Q: How is the password strength determined?

A: The password strength is determined by code in WordPress core, more specifically using a library called “zxcvbn”, created by Dropbox. There’s a more in-depth description of how this works in the plugin documentation.

Q: How can I require numbers, special characters, or a certain length?

A: This plugin doesn’t allow for that functionality, because it’s not part of the built-in WordPress password strength algorithms. Those restrictions have also been proven to be ineffective and frustrating for users. See How Password Strength is Determined.

Q: Why is my password marked as weak?

A: This is the most common question I get, and the short answer is I don’t know, but you can likely figure it out with the guide on How Password Strength is Determined.

Q: This allows weak passwords during account creation in checkout – what gives?

A: This is unfortunately unavoidable. As of writing, WooCommerce doesn’t validate the password strength in the checkout page, so while the strength meter will show it doesn’t enforce it. This isn’t something I’m able to work around, so share that you want validation on the password strength requirements in the official WooCommerce Ideas Board – once it’s active in WooCommerce, it will automatically be active here. 🙂

Q: My site was recently hacked. Is this plugin vulnerable, or does it cause vulnerabilities?

A: No, this plugin does not create any vulnerabilities. It does create additional displays for the client-side (in the user’s browser), but not server-side where vulnerabilities are found. It is using the Password Strength Meter that is already in WordPress, and doesn’t store or handle any information – WordPress or WooCommerce are the only ones that see and manage passwords, not this plugin. For security advice, please check out this older but still valid security 101 guide I’ve written.

Q: Where can I go if I find an issue or want to recommend a feature?

A: If you experience any issues, please let the developer know. If you have ideas for future features or improvements, head over to GitHub to see if something is in development or to help contribute.

Q: Dang, this is pretty awesome. Where can I see some of your other stuff?

A: You can check out the Danny’s personal site at DanielSantoro.com. He doesn’t keep up with it as much as he’d like, but it’s there.

使用者評論

2020 年 10 月 24 日
I have tested a lot of plugins for this WordPress password requirements and nothing comes close to this. well done and thank you for your amazing work.
2020 年 10 月 20 日 1 則留言
Just popped it in and worked like a charm! Good documentation even though I didn’t need it! – Thanks much
2020 年 6 月 8 日 2 則留言
Hi, we have WP 5.4 and Woo 4.x now 🙂 When the plugin will be compatible? (then will be 5 stars)
2018 年 6 月 12 日 1 則留言
In our setup, this allowed users to create accounts at checkout that were less than the required settings. This resulted in Woocommerce being unable to auto log them in after checkout. They also couldn’t log in manually, as the password didn’t meet the requirements in the backend.
閱讀全部 25 則使用者評論

參與者及開發者

以下人員參與了開源軟體〈Password Strength Settings for WooCommerce〉的開發相關工作。

參與者

〈Password Strength Settings for WooCommerce〉外掛目前已有 1 個本地化語言版本。 感謝全部譯者為這個外掛做出的貢獻。

將〈Password Strength Settings for WooCommerce〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄

變更記錄

2/22/2021 – Version 2.2.2

  • Updated jQuery
  • Added the ability for future plugin update notices in update screen (for any critical messages).

10/21/2020 – Version 2.2.1

  • Fixed some broken text domain strings (thank you, @alexclassroom – you are wonderful.)

8/21/2020 – Version 2.2.0

  • Added localization for various languages
  • Confirmed compatibility with the latest WordPress and WooCommerce versions
  • FAQ update RE: Security

4/25/2019 – Version 2.1.0

  • Enabled localization for all text in the plugin’s admin section.
  • Confirmed compatibility with WordPress 5.1.1 and WooCommerce 3.6.2.

2/9/2018 – Version 2.0.2

  • Cleaned up code in preparation for Localization
  • Getting ready for additional options like changing extra text
  • FAQ Update
  • Confirmed WooCommerce/WordPress compatibility

9/21/2017 – Version 2.0.1

  • Fixed a few spacing and semantic issues
  • Fixed broken link in readme.txt
  • Added version checking compatibility for WooCommerce 3.2 – tested working

8/25/2017 – Version 2.0.0

  • Total plugin rewrite from the ground up
  • Added quick links in Plugin Overview page to Documentation and Support
  • Created an Admin Screen class to better contain information
  • Added ability to change the messaging color per level (with built-in color picker or hex codes)
  • Added ability to change or disable the Password Hint messaging
  • Added ability to hide the emoji display
  • Removed “Level 1” fields, as they were not used in actual calculation or display
  • Tested through WordPress 4.8.1 and WooCommerce 3.1.2
  • Unfortunately, this broke multilingual support. If someone wants to jump in in the GitHub, that would be great!

8/1/2017 – Version 1.2.0

  • Add multilingual support and zh_TW translated thanks to AthenaTzeng

4/5/2017 – Version 1.1.0

  • Added fields to allow for custom messaging as a user is inputting passwords
  • Added rynald0s as a co-author, because he’s a modern-day superhero

3/28/2017 – Version 1.0.2

  • Readme fixes, added setting to change password strength meter labels / password error message

9/28/2016 – Version 1.0.1

  • Readme fixes, version check to WordPress 4.6 compatibility

7/24/2016 – Version 1.0.0

  • Initial Release