Implementing Custom Password Validation in WPForms

Would you like to enforce a strict password policy in your WPForms that requires a combination of uppercase letters, lowercase letters, numbers, and symbols? While WPForms’ built-in Strong Password option doesn’t strictly implement these requirements, you can achieve this using a custom code snippet.

In this tutorial, we’ll show you how to add custom password validation to your WPForms.

Adding the Code Snippet

To implement custom password validation, you’ll need to add a custom code snippet to your site. If you need help adding custom code, please see our tutorial on adding code snippets.

Add the following code snippet to your site:

/**
 * Implement Custom Password Validation.
 *
 * @link https://wpforms.com/developers/implementing-custom-password-validation-in-wpforms
 *
 */
add_action('wpforms_process', 'custom_password_validation', 10, 3);
function custom_password_validation($fields, $entry, $form_data) {
    foreach ( $fields as $field_id => $field ) {
        // Check if this is the correct field (replace 100 with your actual field ID) and it's a password field
        if ( $field_id == 100 && $field['type'] === 'password' ) {
            $password = $field['value'];
            
            // Define the password validation pattern
            $uppercase = preg_match('@[A-Z]@', $password);
            $lowercase = preg_match('@[a-z]@', $password);
            $number    = preg_match('@[0-9]@', $password);
            $symbol    = preg_match('@[\W]@', $password);

            // Check if password meets all requirements
            if ( !$uppercase || !$lowercase || !$number || !$symbol ) {
                wpforms()->process->errors[$form_data['id']][$field_id] = esc_html__( 'Password must include at least one uppercase letter, one lowercase letter, one number, and one symbol.', 'plugin-domain' );
            }
        }
    }
}

Customizing the Snippet

You can modify this snippet to suit your specific needs:

  1. Field ID: Replace 100 in the if ( $field_id == 100 && $field['type'] === 'password' ) { line with the actual ID of your password field. To find your field ID, please see our guide on how to find field IDs.
  2. Error Message: You can customize the error message by modifying the text in the esc_html__() function.
  3. Password Requirements: If you want to change the password requirements, you can modify the regular expressions in the preg_match() functions or add/remove checks as needed.

After adding the snippet, be sure to thoroughly test your form to ensure the password validation is working as expected. Try submitting the form with various password combinations to verify that the custom validation is enforced correctly.

And that’s it! You’ve now implemented custom password validation in your WPForms. This will ensure that users create strong passwords that meet your specific requirements.

Would you like to learn more about the validation messages that appear in your forms? Check out our tutorial on changing validation messages for more details.