Thanks to a nudge from Simon Wheatley, I’ve now incorporated the new
validate_password_reset hook to implement the server-side enforcement on password reset screens as well as on profile edit screens.
Also, someone asked if they could make the error message customizable via a filter. This seemed like a good idea. And since filters are generally good, I also added filters to modify the default list of capabilities that will trigger strong password enforcement, and the list of roles that are considered “weak”, and won’t trigger enforcement when a new user of that role is being created. For more details, see the plugins’ readme file.
For anyone who grabbed version 1.1 and started using the
SLT_FSP_CAPS_CHECK constant to modify the list of trigger capabilities already, please note that in 1.2 (hot on 1.1’s heels), I’ve deprecated this in favour of the filter that does the same thing.