I enforce strong passwords across my WordPress sites using iThemes Security; however, one of my sites runs WooCommerce and allows users to create an account. There is seemingly no way that I can prevent users from using ‘123’ or ‘password’ etc. as a password. I tried generating the password, but they can still log in and change the password, and the change isn’t filtered by weak/strong either.
Is there any way to do this, or am I being paranoid thinking that a customer account is something that could be used to hack the site?
You can prevent this using the user registration action hook.
add_action( 'user_register', 'myplugin_registration_save', 10, 1 );
and writing your restriction functions in your functions.php.
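
An added example, not code from either poster above: a server-side password check wired into the WooCommerce registration, account-details and password-reset paths described in the question. It uses hooks that receive the submitted password, because `user_register` passes only the new user's ID; the `myplugin_` function names, the 12-character minimum and the deny-list are assumptions.

```php
<?php
// Added example, not from the thread. myplugin_* names are hypothetical
// and the deny-list is a constructed sample; use a real breached-password list.

/** Return a rejection message for a weak password, or '' if it is acceptable. */
function myplugin_password_problem( $password, $username = '' ) {
    $deny  = array( '123', 'password', 'password1234', 'qwertyuiop12', '123456789012' );
    $lower = strtolower( $password );
    if ( strlen( $password ) < 12 ) {
        return 'Password must be at least 12 characters long.';
    }
    if ( in_array( $lower, $deny, true ) ) {
        return 'That password is too common.';
    }
    if ( '' !== $username && false !== strpos( $lower, strtolower( $username ) ) ) {
        return 'Password must not contain your username.';
    }
    if ( count( array_unique( str_split( $lower ) ) ) < 5 ) {
        return 'Password uses too few distinct characters.';
    }
    return '';
}

/** Add the problem, if any, to a WP_Error. An empty password means "not being set". */
function myplugin_check_into( $errors, $password, $username ) {
    $problem = '' === $password ? '' : myplugin_password_problem( $password, $username );
    if ( '' !== $problem && $errors instanceof WP_Error ) {
        $errors->add( 'myplugin_weak_password', $problem );
    }
}

// Registration form. $password is '' when WooCommerce generates the password itself.
add_filter( 'woocommerce_process_registration_errors', function ( $errors, $username, $password ) {
    myplugin_check_into( $errors, (string) $password, (string) $username );
    return $errors;
}, 10, 3 );

// My Account > Account details: user_pass is only set when a new password was submitted.
add_action( 'woocommerce_save_account_details_errors', function ( $errors, $user ) {
    $new = isset( $user->user_pass ) ? (string) $user->user_pass : '';
    myplugin_check_into( $errors, $new, wp_get_current_user()->user_login );
}, 10, 2 );

// Lost-password reset (core form posts pass1, WooCommerce's form posts password_1).
add_action( 'validate_password_reset', function ( $errors, $user ) {
    $new  = isset( $_POST['pass1'] ) ? $_POST['pass1'] : ( isset( $_POST['password_1'] ) ? $_POST['password_1'] : '' );
    $name = $user instanceof WP_User ? $user->user_login : '';
    myplugin_check_into( $errors, (string) wp_unslash( $new ), $name );
}, 10, 2 );
```

These three hooks cover the customer-facing forms only; passwords set through other paths, such as the admin user editor or the REST API, need their own checks.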