Remove the password strength meter on the checkout page

WooCommerce 2.5 added a new feature to the checkout page: the password strength meter.

If you allow customers to create an account from this page and they also choose their own password, they will see a password strength meter next to the password field.

Why is this useful?

The main reason is security.

If users select a strong password, not only are their accounts more secure, but so is your website. Should someone get access to a user’s account with a weak password, they get access to much or all data on the website, compromising your security and users’ security as well.

I’ve heard many people complain about the strength meter. When it was added, we encountered an issue. If the password was not rated Strong, the ability to check out would be disabled. This resulted in less revenue for businesses, as customers would leave the website without purchasing anything. The WooCommerce Development Team applied a fix in version 2.5.1, so now everyone can check out, even with the weakest password. But some still complain.

So what to do?

You can completely remove the strength meter and restore the checkout process as it was before. To do this, add this function in your functions.php file in wp-content/themes/your-theme-name/:

Props to Caleb Burks for the snippet.

As I said, the strength meter is an incentive for users to use strong passwords and have safe accounts. Remove at your own risk.
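
A middle path between the default and removing the check entirely, as an added example that is not the snippet from this post or WooCommerce's own code: keep the meter, lower the score it requires, and enforce a minimum on the server, because the meter only runs in the browser. It assumes WooCommerce 3.0+ hook signatures; the `my_*` names, the messages and the 8-character floor are hypothetical.

```php
// Added example for a theme's functions.php (place it after the existing
// opening PHP tag). Assumes WooCommerce 3.0+; my_* names are hypothetical.

const MY_MIN_PASSWORD_LENGTH = 8; // hypothetical policy value

// Browser side: keep the meter but accept score 2 instead of the default 3.
add_filter( 'woocommerce_min_password_strength', function () {
	return 2;
} );

// Server side: returns an error message, or '' when the password is acceptable.
function my_password_policy_error( $password, array $account_names ) {
	$password = (string) $password;
	if ( strlen( $password ) < MY_MIN_PASSWORD_LENGTH ) {
		return sprintf( 'Please choose a password of at least %d characters.', MY_MIN_PASSWORD_LENGTH );
	}
	foreach ( array_filter( $account_names ) as $name ) {
		if ( 0 === strcasecmp( $password, (string) $name ) ) {
			return 'Your password cannot be the same as your username or email address.';
		}
	}
	return '';
}

// My Account registration form. $password is empty when WooCommerce is set
// to generate passwords itself, so skip the check in that case.
add_filter( 'woocommerce_process_registration_errors', function ( $errors, $username, $password, $email ) {
	if ( 'no' !== get_option( 'woocommerce_registration_generate_password' ) ) {
		return $errors;
	}
	$message = my_password_policy_error( $password, array( $username, $email ) );
	if ( '' !== $message ) {
		$errors->add( 'my_weak_password', $message );
	}
	return $errors;
}, 10, 4 );

// Checkout: account_password is only present when an account is being created.
add_action( 'woocommerce_after_checkout_validation', function ( $data, $errors ) {
	if ( empty( $data['account_password'] ) ) {
		return;
	}
	$message = my_password_policy_error( $data['account_password'], array( $data['billing_email'] ?? '' ) );
	if ( '' !== $message ) {
		$errors->add( 'validation', $message );
	}
}, 10, 2 );
```

Password changes made through the account details and lost-password forms do not pass through these two hooks and need their own checks.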

Update 16th Feb. 2016: Do you want to change only its labels? Check this post!

55 thoughts on “Remove the password strength meter on the checkout page”

  1. Hi Nicola,

    I like the strength meter feature security-wise. But I have the same problem.
    A lot of customers complain that they can’t checkout or register because they don’t realize that they need to use an at least medium strength password.

    The option to remove that option using your function is a temp. solution but I would prefer to keep the strength meter for security reasons.

    Is there a way to add a hint? For example, rename the strength meter value?

    Instead of displaying weak, or very weak, I would like to display “your password is too weak to register an account! Please consider using a stronger password”

    or something like that?

    Any idea?

    1. Hi,
      there’s not an easy way to change the strings, they are not from WC, but from WordPress.

      The only way I think that could work is to dynamically change them with a JS script in your theme when they change. But also in this case, it won’t be easy.

      1. Hi
        I also would like to change the “text” – At least translate it 🙂
        But I searched in every .mo.po file I have … Where can I change the text for the “pass meter”?

        (I don’t know JS, java) But I know “Cut’n’Paste” … 😉 and I can write text in Danish!!

        Thx mate – I appreciate your time

        1. Hi Peter,
          like I said in my reply to DeathByDisco, you can’t translate the text from WooCommerce.

          The strings are from WordPress so you need to translate WordPress.

          Please check this link to get started: https://make.wordpress.org/polyglots/handbook/

  2. Thanks for this!

  3. The strength just needs to be changed. I tried a password I use on some things that is considered a strong password by most systems. It has uppercase, numbers and a symbol and is > 8 characters in length and it still won’t let it be used. I’ve disabled this feature on my sites because of it.

    1. Hi,
      I’d suggest you open an issue here if you think that it should work differently: https://github.com/woothemes/woocommerce/issues

      Please make sure to explain why you think it’s wrong and how we should change it!

      Thank you!

  4. How do I add this without breaking the functions.php file. I added it and messed it up.

    1. Make sure to add the code at the end of the functions.php file. If the file has this sign at the end: ?> add the code on a line before that sign.

  5. Thanks for this Nicola, I am sure we have been losing business because of this.

    We have a lot of customers of the ‘older variety’ and the fact that I have struggled to create a strong password that is still memorable, I don’t hold out much hope for them. Also, why would someone want to spend over 10 mins trying to come up with something then the next time they come to the site not be able to remember it. It would certainly put me off.

    I’ve now removed the meter, with the snippet above, as even with the excellent code you have here: https://nicolamustone.com/2016/02/16/change-the-password-strength-meter-labels/ I think some customers would still struggle.

    I know nothing of code but I thought a good solution, if possible, would be to leave the meter on so customers could see the strength of the password but remove register block for less than medium strength…

    Thanks again!

    1. Hi Derek,
      Thanks for stopping by!

      “I know nothing of code but I thought a good solution, if possible, would be to leave the meter on so customers could see the strength of the password but remove register block for less than medium strength…”

      Actually we did this in the most recent version of WooCommerce. It tells you that your password is weak , but you can still register/checkout regardless of that.

      1. Is there any way to remove the ‘Please enter a stronger password’ text as this may be where the confusion is. On my checkout page you need to scroll down to see the ‘place order’ button so I think people are still getting stuck here as it’s asking them to improve their password and they can’t see that they can checkout regardless.

        Also, do you know if you can override in the same way on the login/registration page, not just the checkout, as this still has the enforced good password?

        Thanks

        1. Hi Derek,
          I updated this post including the script to change those strings as well. Check at the bottom of the article.

      2. On mine you can’t. It won’t allow registration to process.

    2. Sorry, I forgot to point out this was for the login/registration page, not the checkout page as this is pretty much what you already have put in place!

  6. Hi, please help me

    How can I remove the password strength meter on the my-account register user?

    demo : https://larsa.ir/my-account

    1. Hi Iarsa,
      by using the snippet in this article it will be removed everywhere, both on My Account and Checkout pages.

  7. Hi there, this works nicely for the checkout page, thanks and thanks Caleb, but seems to break the register form on the /my-account page for non-logged in users. The strength meter and labels don’t show but the register button never becomes clickable no matter what type of password is entered. Do you see this issue also?

    1. hmmm..nevermind! It’s working on the register form for me now. Maybe something weird on my local dev

  8. Thanks for this. This removed the password strength and validation entirely which means now password “1” is valid. Is there any way we can change the strength e.g instead of strong have a weak or medium password requirement??

    1. or maybe change the password requirement?

  9. Hey, I tried the code, but there was no effect 🙁
    http://www.toner.eurofinconsulting.ro/wp/my-account/

  10. Thank you. That worked beautifully.

    1. You’re welcome Chris!

  11. Thanks a lot, very helpful!

    1. You’re welcome Oren!

  12. this is very nice tutorial
    i implemented in my website http://www.edhik.com

    1. Hi,
      Great! I’m happy you are using this!

  13. I’m a little confused: does the code snippet in the article remove just the meter, or does it remove the requirement for strong passwords? I want to remove the requirement altogether so customers can use the passwords they want to use.

    1. Hi Mike,
      It removes the requirement of a strong password.

  14. “The WooCommerce Development Team applied a fix in version 2.5.1, so now everyone can check out, even with the weakest password. But some still complain.”

    I don’t get it, I’m on version 2.6.1 and you can’t login with a weak password. Has to be at least medium.

    I don’t want to turn this off, I just want users to be able to choose a less complex password. But not something bleedingly obvious.

  15. please am having the same issue at http://www.ebygold.com

  16. But this is for some Ninja theme

    Can I give you access to my site and you add it 🙂
    Once I added something in functions.php and the site collapsed so I had to build it again

    1. Hi drago,
      I’m sorry but I can’t do this for you.

      You may want to contact one of the WooExperts here: https://woocommerce.com/wooexperts/

  17. Hi Sir,

    is there any way to DISPLAY PASSWORD FIELDS in woocommerce checkout even if you’re already SIGNED IN???.. because the default is when you’re not into sign in mode.. password fields will display..

    is there any way into this problem?

    thanks..

  18. Thank you very much, very helpful

  19. Hi,
    maybe a solution would be to be able to set password requirements for our site ( min. char number and char types required ).
    For example: I would disable the requirements for symbols, but I’d keep upper and lower caps and numbers. That’s much easier to remember…

  20. thank you very much. It worked fine for me.

  21. Hi nicola,

    I think password meter is very important for security issue on the site. But with woocommerce’s default password strength meter user get bored. Can I control the password length and the characters. Such as, I want minimum six characters with at least one number, one symbol and one letter.

    Especially a Thanks for your Woocommerce and Storefront.

    1. Hi Minhaz,
      You can reduce the requirements with this code:

      // create_function() was removed in PHP 8.0; a closure does the same job.
      add_filter( 'woocommerce_min_password_strength', function () { return 2; } );
      

      The current value is 3, the minimum is 1.

  22. Hi Nicola, I applied this code and also the ‘Change password strength labels’ code (https://nicola.blog/2016/02/16/change-the-password-strength-meter-labels/) back in March last year. I didn’t check the ‘My Account’ page (but probably should have as I changed the text to ‘your password is weak but you can still CHECKOUT’… not really applicable on the my account page… silly me) but I have found out that although the ‘change password strength labels’ snippet of code has applied to the ‘My Account page’ the strength meter hasn’t.

    I am telling people that they should increase the strength of the password but it doesn’t matter as they can still proceed but the save button is greyed out until they create a strong password. I don’t know if this has always been the case or if something has changed in WordPress that has affected the outcome.

    The code works great on the checkout page but not for those who want to change their password or for those who want to create a new one as they have forgotten it.

    Is there anything else I could add so that it covers all areas that the strength meter operates?

    Thanks

    Derek

    1. Please ignore me… I have been an idiot! I realise now that I haven’t applied both pieces of code, I must have opted for the label change code and that is why they can’t proceed on their account page or forgotten password page. I’ll make a decision now on whether to completely remove the strength meter or to reduce its requirements as you mentioned above.

      Thanks, Derek

  23. Thank you very much, you don’t know how much you have helped me…..

  24. Hi Nicola,

    I used this script to remove the password strength meter as this script was generating an error in Google Search Console (as a blocked resource from /wp-admin folder).

    I checked this morning, and now I’m getting this error message (have changed client # and url):

    [Sun Mar 26 13:24:05.789746 2017] [apparmor:error] [pid 11924] (10)No child processes: [client 123.456.78.90:24667] Failed to change_hat to ‘HANDLING_UNTRUSTED_INPUT’, referer: https://mywebstore.com/cart/

    So I’ve deleted the remove password strength code.

    I’m just wondering what I may have done wrong based on this error message. I’d really like to clear up the script blocking issue, and customers don’t need to have user accounts (I’ve otherwise disabled them).

    1. I read more comments, and today I put this code right before the closing php tag ?> — so far it seems to be ok.

      1. Awesome! Glad it’s working now!

  25. Thank you, we have lost a number of customers because registering was a struggle, and they didn’t know that they could checkout regardless. I have reduced the requirements. Thanks.

    1. You’re welcome mide!

  26. Hi, thanks for the snippet! I think the main issue is that it’s not clear anywhere that you can still checkout with a medium security password. I think everyone reads it and thinks they MUST use a high security password.

    I am going to ask something that perhaps is very basic: why it would represent a security threat for my site the fact that someone can log in a customer’s account?
    I mean, they would have the same access as any user with a customer role. The same access they could get just by registering in my site. That’s easier than breaking into someone else account.

    Customer wise my site doesn’t hold any really important info (card transactions are done in payment gateways sites). Thanks!

    1. Hi Matias,
      It’s not safe because they can still access personal data of the customer, like their address, their email, their data in general from the shop.

      It may not be harmless, maybe they will only find out that the customer purchased a shirt, but why should they know? It’s their private account and nobody should be able to access it.

  27. It removes the password requirements at all, I just want the minimum required length to be 8 instead of 12.
