[wp-hackers] 'Password Protected' - bug or feature?

Michael Harris harrismw at huridocs.org
Tue Dec 9 13:51:26 GMT 2008


On Tue, Dec 9, 2008 at 2:45 PM, Alex Hempton-Smith
<hempsworth at googlemail.com> wrote:
> Having a minimum password length would fix this easiest - have the minimum
> set at 3-4 perhaps?We can include the strength counter from the profile page
> as well.

I was just writing about the "Password Strength" meter, and you come
along and mention it before I could get it out.

Thinking about that, I don't have the latest version (I'm not sure
what version I have, is there any way of easily telling from the admin
section?), so it might have changed, but how about rejecting a zero
length password for users? Or at the least making it really obvious (a
red box instead of a grey box).

As for minimum length (for both user and post passwords), I'm not sure
that would be a good idea. (Unless it is linked to some more general
"security hand holding" setting, which could enforce a length for
passwords generally, and make other security requirements. That maybe
something worth exploring for someone with lots of time.)

What if someone wants a simple password on a post?

Michael.


More information about the wp-hackers mailing list