I’m referencing the below solution (which came from here Force Password Complexity) to enforce a certain level of password security. It works as expected, but it is running for ALL user roles. I do not want to enforce the same parameters to the basic ‘subscriber’ role. How do I block the code from running for certain roles? (Or, force it to run for certain roles such as Administrator, Editor, etc.)
add_action('user_profile_update_errors', 'validateProfileUpdate', 10, 3 );
add_filter('registration_errors', 'validateRegistration', 10, 3 );
add_action('validate_password_reset', 'validatePasswordReset', 10, 2 );
function validateProfileUpdate( WP_Error &$errors, $update, &$user ) {
return validateComplexPassword( $errors );
}
function validateRegistration( WP_Error &$errors, $sanitized_user_login, $user_email ) {
return validateComplexPassword( $errors );
}
function validatePasswordReset( WP_Error &$errors, $userData ) {
return validateComplexPassword( $errors );
}
function validateComplexPassword( $errors ) {
$password = ( isset( $_POST[ 'pass1' ] ) && trim( $_POST[ 'pass1' ] ) ) ? $_POST[ 'pass1' ] : null;
if ( empty( $password ) || ( $errors->get_error_data( 'pass' ) ) )
return $errors;
$passwordValidation = validatePassword($password);
if ( $passwordValidation !== true ) {
$errors->add( "pass", "<strong>ERROR</strong>: " . $passwordValidation . "." );
}
return $errors;
}
function validatePassword($Password) {
//#### Check it's greater than 6 Characters
if (strlen($Password) < 6) {
return "Password is too short (" . strlen($Password) . "), please use 6 characters or more.";
}
//#### Test password has uppercase and lowercase letters
if (preg_match("/^(?=.*[a-z])(?=.*[A-Z]).+$/", $Password) !== 1) {
return "Password does not contain a mix of uppercase & lowercase characters.";
}
//#### Test password has mix of letters and numbers
if (preg_match("/^((?=.*[a-z])|(?=.*[A-Z]))(?=.*d).+$/", $Password) !== 1) {
return "Password does not contain a mix of letters and numbers.";
}
//#### Password looks good
return true;
}