The check_passwords WordPress PHP action fires before the password and confirm password fields are checked for congruity.
Usage
// Attach the callback at the default priority (10) and request all three
// arguments the action supplies: the login name and both password fields.
add_action(
    'check_passwords',
    'my_custom_check_passwords',
    10,
    3
);
/**
 * Skeleton callback for the check_passwords action.
 *
 * Both password fields are received by reference, so any value assigned to
 * them here is what the caller sees afterwards.
 *
 * @param string $user_login The username.
 * @param string $pass1      The password (by reference).
 * @param string $pass2      The confirmed password (by reference).
 */
function my_custom_check_passwords($user_login, &$pass1, &$pass2)
{
    // Your custom code here
}
Parameters
$user_login (string): The username.
$pass1 (string): The password (passed by reference).
$pass2 (string): The confirmed password (passed by reference).
More information
See WordPress Developer Resources: check_passwords
Examples
Enforce password complexity
Ensure that the user’s password meets specific complexity requirements.
// Register the complexity check: priority 10, three accepted arguments
// (login name, password, confirmed password).
add_action(
    'check_passwords',
    'enforce_password_complexity',
    10,
    3
);
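/**
 * Rejects a new password that lacks a lowercase letter, an uppercase letter or a digit.
 *
 * Callback for the check_passwords action. A rejected password is blanked in
 * both fields (they are received by reference) and an error callback is queued
 * on user_profile_update_errors so the form reports the reason.
 *
 * Composition rules alone still accept weak values such as "Password1"; pair
 * this check with a length minimum and a common-password check.
 *
 * NOTE(review): check_passwords is fired from the user add/edit form handling;
 * confirm that other flows that set a password (for example the reset form)
 * enforce the same policy through their own hooks.
 *
 * @param string $user_login The username (not used by this check).
 * @param string $pass1      The password (by reference).
 * @param string $pass2      The confirmed password (by reference).
 */
function enforce_password_complexity($user_login, &$pass1, &$pass2)
{
    // A blank field means no new password was submitted. Without this guard,
    // every profile save that leaves the password untouched would fail the
    // pattern below and be reported as a complexity error.
    if ((string) $pass1 === '') {
        return;
    }

    // Require at least one uppercase letter, one lowercase letter, and one number
    if (preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$/', $pass1)) {
        return;
    }

    $pass1 = $pass2 = ''; // Reset the passwords to force the user to enter a valid password
    add_action('user_profile_update_errors', 'show_password_complexity_error');
}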
/**
 * Adds the complexity failure message to the profile error collection.
 *
 * Registered on user_profile_update_errors by enforce_password_complexity().
 *
 * @param object $errors Error collection exposing add($code, $message); a WP_Error in core.
 */
function show_password_complexity_error($errors)
{
    $message = __('<strong>Error</strong>: Password must contain at least one uppercase letter, one lowercase letter, and one number.');

    $errors->add('password_complexity', $message);
}
Prevent password reuse
Disallow users from choosing a new password that is the same as the password they already have.
// Register the reuse check: priority 10, three accepted arguments
// (login name, password, confirmed password).
add_action(
    'check_passwords',
    'prevent_password_reuse',
    10,
    3
);
/**
 * Rejects a submitted password that matches the hash already stored for the user.
 *
 * Callback for the check_passwords action. The user is looked up by login; when
 * no such user exists, or the submitted value does not verify against the stored
 * hash, nothing happens. On a match both fields (received by reference) are
 * blanked and an error callback is queued on user_profile_update_errors.
 *
 * Only the currently stored hash is compared; no history of older passwords is consulted.
 *
 * @param string $user_login The username used for the lookup.
 * @param string $pass1      The password (by reference).
 * @param string $pass2      The confirmed password (by reference).
 */
function prevent_password_reuse($user_login, &$pass1, &$pass2)
{
    $account = get_user_by('login', $user_login);
    if (!$account) {
        return;
    }

    $matches_stored_hash = wp_check_password($pass1, $account->data->user_pass, $account->ID);
    if (!$matches_stored_hash) {
        return;
    }

    // Blank both fields to force the user to enter a new password.
    $pass2 = '';
    $pass1 = '';
    add_action('user_profile_update_errors', 'show_password_reuse_error');
}
/**
 * Adds the password-reuse message to the profile error collection.
 *
 * Registered on user_profile_update_errors by prevent_password_reuse().
 *
 * @param object $errors Error collection exposing add($code, $message); a WP_Error in core.
 */
function show_password_reuse_error($errors)
{
    $message = __('<strong>Error</strong>: You cannot reuse your previous password.');

    $errors->add('password_reuse', $message);
}
Check for common passwords
Verify if the user’s password is one of the commonly used passwords.
// Register the common-password check: priority 10, three accepted arguments
// (login name, password, confirmed password).
add_action(
    'check_passwords',
    'check_common_passwords',
    10,
    3
);
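/**
 * Rejects a password that appears in a short list of commonly used passwords.
 *
 * Callback for the check_passwords action. On a match both fields (received by
 * reference) are blanked and an error callback is queued on
 * user_profile_update_errors.
 *
 * The comparison is case-insensitive, so "Password" and "QWERTY" are caught as
 * well, and strict, so a numeric-looking string is only rejected when it is
 * literally on the list rather than merely numerically equal to an entry.
 *
 * @param string $user_login The username (not used by this check).
 * @param string $pass1      The password (by reference).
 * @param string $pass2      The confirmed password (by reference).
 */
function check_common_passwords($user_login, &$pass1, &$pass2)
{
    // Illustrative sample only: five entries do not make a usable blocklist.
    // A deployment would compare against a much larger list of known-weak passwords.
    $common_passwords = array('123456', 'password', '12345678', 'qwerty', '123456789');

    // Entries are stored in lowercase, so fold the candidate before comparing.
    $candidate = strtolower((string) $pass1);

    // Third argument enables strict comparison; the loose default compares
    // numeric strings by value ('123456.0' would equal '123456').
    if (in_array($candidate, $common_passwords, true)) {
        $pass1 = $pass2 = ''; // Reset the passwords to force the user to enter a more secure password
        add_action('user_profile_update_errors', 'show_common_password_error');
    }
}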
/**
 * Adds the common-password message to the profile error collection.
 *
 * Registered on user_profile_update_errors by check_common_passwords().
 *
 * @param object $errors Error collection exposing add($code, $message); a WP_Error in core.
 */
function show_common_password_error($errors)
{
    $message = __('<strong>Error</strong>: Your password is too common. Please choose a more secure password.');

    $errors->add('common_password', $message);
}
Disallow specific characters
Ensure that the user’s password does not contain specific characters, such as spaces.
// Register the character check: priority 10, three accepted arguments
// (login name, password, confirmed password).
add_action(
    'check_passwords',
    'disallow_specific_characters',
    10,
    3
);
/**
 * Rejects a password that contains any whitespace character.
 *
 * Callback for the check_passwords action. The pattern uses \s, so tabs and
 * newlines count as well as plain spaces. On a match both fields (received by
 * reference) are blanked and an error callback is queued on
 * user_profile_update_errors.
 *
 * @param string $user_login The username (not used by this check).
 * @param string $pass1      The password (by reference).
 * @param string $pass2      The confirmed password (by reference).
 */
function disallow_specific_characters($user_login, &$pass1, &$pass2)
{
    $contains_whitespace = preg_match('/\s/', $pass1) === 1;
    if (!$contains_whitespace) {
        return;
    }

    // Blank both fields to force the user to enter a password without spaces.
    $pass2 = '';
    $pass1 = '';
    add_action('user_profile_update_errors', 'show_specific_characters_error');
}
/**
 * Adds the "no spaces" message to the profile error collection.
 *
 * Registered on user_profile_update_errors by disallow_specific_characters().
 *
 * @param object $errors Error collection exposing add($code, $message); a WP_Error in core.
 */
function show_specific_characters_error($errors)
{
    $message = __('<strong>Error</strong>: Passwords cannot contain spaces.');

    $errors->add('specific_characters', $message);
}
Set a minimum password length
Ensure that the user’s password meets a minimum length requirement.
// Register the length check: priority 10, three accepted arguments
// (login name, password, confirmed password).
add_action(
    'check_passwords',
    'set_minimum_password_length',
    10,
    3
);
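/**
 * Rejects a new password shorter than the minimum length.
 *
 * Callback for the check_passwords action. A password that is too short is
 * blanked in both fields (they are received by reference) and an error callback
 * is queued on user_profile_update_errors.
 *
 * Length is counted in characters when mb_strlen() is available, so a password
 * made of multibyte characters cannot pass on byte count alone; otherwise the
 * check falls back to strlen().
 *
 * @param string $user_login The username (not used by this check).
 * @param string $pass1      The password (by reference).
 * @param string $pass2      The confirmed password (by reference).
 */
function set_minimum_password_length($user_login, &$pass1, &$pass2)
{
    // Keep this in step with the number quoted in show_minimum_password_length_error().
    $min_length = 10;

    // A blank field means no new password was submitted. Without this guard,
    // every profile save that leaves the password untouched would be reported
    // as "too short".
    if ((string) $pass1 === '') {
        return;
    }

    $length = function_exists('mb_strlen') ? mb_strlen($pass1, 'UTF-8') : strlen($pass1);
    if ($length < $min_length) {
        $pass1 = $pass2 = ''; // Reset the passwords to force the user to enter a longer password
        add_action('user_profile_update_errors', 'show_minimum_password_length_error');
    }
}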
/**
 * Adds the minimum-length message to the profile error collection.
 *
 * Registered on user_profile_update_errors by set_minimum_password_length().
 * The length quoted in the message is hard-coded here and has to be kept in
 * step with the limit that function enforces.
 *
 * @param object $errors Error collection exposing add($code, $message); a WP_Error in core.
 */
function show_minimum_password_length_error($errors)
{
    $message = __('<strong>Error</strong>: Password must be at least 10 characters long.');

    $errors->add('minimum_password_length', $message);
}