I was hoping there was a way to force strong passwords in BuddyPress, but couldn’t find one, so I implemented my own way of doing that.


I don’t think I have to stress the importance of strong passwords on this blog. Why would it be a different story for BuddyPress? They have a very nice Password Strength indicator, and I’m pretty sure you could hook into that to force a strong password, but I was OK with a simpler implementation. So here it is: just add the following code to your theme’s functions.php.

function lehelmatyus_validation() {
  global $bp;

  // Only validate when a password was actually submitted.
  if ( ! empty( $_POST['signup_password'] ) ) {
    if ( ! valid_pass( $_POST['signup_password'] ) ) {
      $bp->signup->errors['signup_password'] = __( 'Your password is not strong enough. It needs to be at least 8 characters long, and must contain at least: 1 lowercase character (a-z), 1 uppercase character (A-Z), 1 number (0-9) and 1 special character (!@#..)', 'buddypress' );
    }
  }
}
add_action( 'bp_signup_validate', 'lehelmatyus_validation' );

function valid_pass( $candidate ) {
  $r1 = '/[A-Z]/';  // Uppercase
  $r2 = '/[a-z]/';  // Lowercase
  // Whatever you mean by special char. The hyphen is escaped so it is a
  // literal "-"; unescaped, ")-_" is a range that also matches 0-9 and A-Z.
  $r3 = '/[!@#$%^&*()\-_=+{};:,<.>]/';
  $r4 = '/[0-9]/';  // Numbers

  if ( preg_match_all( $r1, $candidate, $o ) < 1 ) return FALSE;
  if ( preg_match_all( $r2, $candidate, $o ) < 1 ) return FALSE;
  if ( preg_match_all( $r3, $candidate, $o ) < 1 ) return FALSE;
  if ( preg_match_all( $r4, $candidate, $o ) < 1 ) return FALSE;
  if ( strlen( $candidate ) < 8 ) return FALSE;

  return TRUE;
}

We create a function that makes sure the password is not empty and passes it to a validation function; if validation fails, we send back a nice descriptive error message. We hook this function into “bp_signup_validate”, which takes care of the signup process. A second function takes care of the actual checks using regular expressions.

It checks in 5 steps:

  • at least 1 Uppercase
  • at least 1 lowercase
  • at least 1 special character
  • at least 1 number
  • a minimum length of 8 characters

If all of these pass, we return TRUE. That’s pretty much it.

You could force strong passwords in BuddyPress with a single regular expression if you really want to, but I much prefer understandable code to fancy code. This makes it much easier to customize.

If you want to customize the password checker, just comment out the lines for the checks you don’t want to enforce. For example, if you don’t want to check for special characters, comment out the two lines with the variable $r3: once where it is defined and once where we check for it with the “if” statement.
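
The rule-by-rule layout described above, written as a table of checks that also reports which rules failed; this is an added example, not the code from the post, and the function names password_rules and failed_rules are hypothetical. It also runs a few constructed passwords against two spellings of the special-character class, since a hyphen placed between two characters in a class defines a range rather than a literal.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// Each rule is a label => regex pair; remove an entry to stop enforcing it.
function password_rules( $special_class ) {
    return array(
        'uppercase' => '/[A-Z]/',
        'lowercase' => '/[a-z]/',
        'number'    => '/[0-9]/',
        'special'   => $special_class,
        'length'    => '/^.{8,}$/s',  // at least 8 bytes, same as strlen() >= 8
    );
}

// Returns the labels of every rule the candidate fails (empty array = accepted).
function failed_rules( $candidate, array $rules ) {
    $failed = array();
    foreach ( $rules as $label => $pattern ) {
        if ( preg_match( $pattern, $candidate ) !== 1 ) {
            $failed[] = $label;
        }
    }
    return $failed;
}

// ")-_" is a range from ")" (0x29) to "_" (0x5F): it covers 0-9 and A-Z as well.
$range_class   = '/[!@#$%^&*()-_=+{};:,<.>]/';
// Escaping the hyphen makes it a literal character.
$literal_class = '/[!@#$%^&*()\-_=+{};:,<.>]/';

// Constructed sample passwords.
$samples = array( 'Abcdefg1', 'Abcdefg1!', 'abc-DEF-123', 'Ab1!' );

foreach ( $samples as $pw ) {
    $loose  = failed_rules( $pw, password_rules( $range_class ) );
    $strict = failed_rules( $pw, password_rules( $literal_class ) );
    printf(
        "%-12s range class: %-10s literal hyphen: %s\n",
        $pw,
        $loose ? implode( ',', $loose ) : 'accepted',
        $strict ? implode( ',', $strict ) : 'accepted'
    );
}
```

With the range spelling, Abcdefg1 is accepted even though it contains no special character; with the escaped hyphen it fails the special rule.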

I hope this helped,

Let me know in the comment section!

Cheers