[jamesburden]

Hi – hope someone can help with this.

I have a forum website set up using bbPress. Forum members are specifically invited as it is a leadership course for selected individuals. I create their user accounts including a strong password etc and send them the details.

An issue that I’ve come across is that the participants are widely spread around the world, some of whom have limited awareness of security issues on the internet. I want to ensure that they cannot change their password to an insecure one.

I’ve got iThemes security installed on the site and have activated the strong password enforcements with a minimum level of Subscriber. All of the course participants have a primary role of subscriber, with a forum role of Participant. With the settings I have in place they should not be able to change their password to a weak one. And yet they are currently able to log in and change the password to ‘changeme’ for example.

I’ve reached out to iThemes security but nothing helpful from them yet,

Can anyone here help me to figure out how to ensure that forum users cannot change their passwords to weak ones? Is there some setting in bbPress that I’m missing? Or some workaround that others use? I can’t imagine for a minute that I’m the only one to have come across this issue, but googling has turned up a surprising lack of information about how to resolve it.

Many thanks for your help.

James Burden

Site URL: http://gcfleadership.org
WordPress version: 4.5.2
bbPress version: 2.5.9

[Robin W]

probably several plugins, and lots of articles – this is really a wordpress thing

for instance

https://wordpress.org/plugins/force-strong-passwords/or

http://www.wpbeginner.com/plugins/how-to-force-strong-password-on-users-in-wordpress/

[jamesburden]

Thanks for your answer Robin. Maybe I wasn’t clear enough though. I’m fully aware how to enforce strong passwords. I’ve got force-strong-passwords installed as a default plugin (I host with WPEngine and it’s an MU plugin). The issue is that these solutions don’t seem to work within the bbPress environment. Or at least in the configuration that I’m running (using WOffice to facilitate an extranet).

I’ve also tried enforcing strong passwords by using iThemes security options (both in conjunction and separately from force-strong-passwords). And that doesn’t work either.

I’m wondering if someone else has had a similar problem and can point me towards a possible solution.

Thanks

[Robin W]

Apologies, I read your post too fast and missed what you had already done.

whereabouts are users changing their passwords – is this just in edit profile or is it elsewhere?

[jamesburden]

Thanks. The page where they’re changing passwords is on the settings page of their profile page.

So for example:

[Robin W]

ok, that’s a buddypress function I think – try their support forum

https://buddypress.org/support/