public static function validatePassword($errors, $userData) { $password = isset($_POST['pass1']) && trim($_POST['pass1']) ? $_POST['pass1'] : false; $user_id = isset($userData->ID) ? $userData->ID : false; $username = isset($_POST["user_login"]) ? $_POST["user_login"] : $userData->user_login; if ($password == false) { return $errors; } if ($errors->get_error_data("pass")) { return $errors; } $enforce = false; if (wfConfig::get('loginSec_strongPasswds') == 'pubs') { if (user_can($user_id, 'publish_posts')) { $enforce = true; } } else { if (wfConfig::get('loginSec_strongPasswds') == 'all') { $enforce = true; } } if ($enforce) { if (!wordfence::isStrongPasswd($password, $username)) { $errors->add('pass', "Please choose a stronger password. Try including numbers, symbols and a mix of upper and lower case letters and remove common words."); return $errors; } } $twoFactorUsers = wfConfig::get_ser('twoFactorUsers', array()); if (preg_match(self::$passwordCodePattern, $password) && isset($twoFactorUsers) && is_array($twoFactorUsers) && sizeof($twoFactorUsers) > 0) { $errors->add('pass', "Passwords containing a space followed by 'wf' without quotes are not allowed."); return $errors; } return $errors; }