WordPress 4.8.1 was released today and contains 29 maintenance fixes and enhancements. The biggest feature most people will notice is the fixes to the Rich Text Widget (visual editor) and the introduction to a pure HTML Widget that will handle HTML in the widget and users won’t have to worry about the Visual/Text tab switching back-and-forth and losing any custom formatting.
Many of the leading WordPress security plugins have the ability to force/require strong passwords for users. But one of the requests I’ve received from people is if there is a way to require passwords to be of a certain length. It seems that some users who work with clients are finding that some clients will reset a password to something “easier to remember” but not entirely secure, or the developer is trying to enforce a specific “password policy” and one of the aspects of a policy specifies a certain number of characters.
How to Set a Password Length Requirement
Setting a password length requirement is fairly easy since WordPress already provides a hook that occurs before a password is actually reset. The hook is validate_password_reset, and it allows developers to verify aspects of the user entered password before passing it through the password reset function.