Skip to:
Content
Pages
Categories
Search
Top
Bottom

problem with enforcing strong passwords for forum login


  • jamesburden
    Participant

    @jamesburden

    8 years, 6 months ago

    Hi – hope someone can help with this.

    I have a forum website set up using bbPress. Forum members are specifically invited as it is a leadership course for selected individuals. I create their user accounts including a strong password etc and send them the details.

    An issue that I’ve come across is that the participants are widely spread around the world, some of whom have limited awareness of security issues on the internet. I want to ensure that they cannot change their password to an insecure one.

    I’ve got iThemes security installed on the site and have activated the strong password enforcements with a minimum level of Subscriber. All of the course participants have a primary role of subscriber, with a forum role of Participant. With the settings I have in place they should not be able to change their password to a weak one. And yet they are currently able to log in and change the password to ‘changeme’ for example.

    I’ve reached out to iThemes security but nothing helpful from them yet,

    Can anyone here help me to figure out how to ensure that forum users cannot change their passwords to weak ones? Is there some setting in bbPress that I’m missing? Or some workaround that others use? I can’t imagine for a minute that I’m the only one to have come across this issue, but googling has turned up a surprising lack of information about how to resolve it.

    Many thanks for your help.

    James Burden

    Site URL: http://gcfleadership.org
    WordPress version: 4.5.2
    bbPress version: 2.5.9

Viewing 5 replies - 1 through 5 (of 5 total)

  • Robin W
    Moderator

    @robin-w

    8 years, 6 months ago

    probably several plugins, and lots of articles – this is really a wordpress thing

    for instance

    https://wordpress.org/plugins/force-strong-passwords/or

    http://www.wpbeginner.com/plugins/how-to-force-strong-password-on-users-in-wordpress/


    jamesburden
    Participant

    @jamesburden

    8 years, 5 months ago

    Thanks for your answer Robin. Maybe I wasn’t clear enough though. I’m fully aware how to enforce strong passwords. I’ve got force-strong-passwords installed as a default plugin (I host with WPEngine and it’s an MU plugin). The issue is that these solutions don’t seem to work within the bbPress environment. Or at least in the configuration that I’m running (using WOffice to facilitate an extranet).

    I’ve also tried enforcing strong passwords by using iThemes security options (both in conjunction and separately from force-strong-passwords). And that doesn’t work either.

    I’m wondering if someone else has had a similar problem and can point me towards a possible solution.

    Thanks


    Robin W
    Moderator

    @robin-w

    8 years, 5 months ago

    Apologies, I read your post too fast and missed what you had already done.

    whereabouts are users changing their passwords – is this just in edit profile or is it elsewhere?


    jamesburden
    Participant

    @jamesburden

    8 years, 5 months ago

    Thanks. The page where they’re changing passwords is on the settings page of their profile page.

    So for example: screenshot


    Robin W
    Moderator

    @robin-w

    8 years, 5 months ago

    ok, that’s a buddypress function I think – try their support forum

    https://buddypress.org/support/

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.

Topic Info

Topic Tags

Skip to toolbar