Force Strong Passwords

This plugin enforces strong password policies for users who hold significant permissions within a content management system. It is designed for site administrators who need to secure accounts that can publish content, upload files, or edit published posts, thereby reducing the risk of unauthorized access through weak credentials.

• Targeted Enforcement: The plugin specifically checks for users with capabilities like publish_posts, upload_files, and edit_published_posts. This means Authors, Editors, and Administrators are required to set strong passwords, while lower-privilege accounts may not be affected by default.
• Customizable Capability Check: Administrators can modify which user capabilities trigger the strong password requirement using the provided slt_fsp_caps_check filter. This allows for tailoring security policies to specific site roles and needs.
• Integration with Core Strength Meter: The enforcement works with the built-in password strength indicator, utilizing the same zxcvbn library to assess password strength. It prevents form submission if the password is deemed weak according to this standard.
• Applies to Key Actions: The strong password check is activated when privileged users change their password via their profile page and during the password reset process, closing common security gaps.
• Filter for Error Messages and Roles: The plugin offers filters like slt_fsp_error_message to customize the alert shown to users and slt_fsp_weak_roles to define which roles are exempt from enforcement during new user creation.