=== Force Strong Passwords ===
Contributors: snehalpancholi
Tags: security, passwords, password policy, strong passwords, enforcement
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Enforce configurable password strength rules on profile updates, password resets, and REST API calls. Shows clear requirements to users.

== Description ==

Force Strong Passwords rejects passwords that don't meet your configured complexity requirements. It covers profile updates, password reset forms, user registration, and the REST API.

**Features:**

* Configurable minimum length (default: 10 characters)
* Require uppercase letter, lowercase letter, number, and special character (all toggleable)
* Customisable special character set
* Apply enforcement per-role or to all roles
* Password requirements hint displayed on profile and reset pages
* REST API protection via `rest_pre_insert_user` filter
* Clear, specific error messages explaining exactly what failed

== Installation ==

1. Upload the `force-strong-passwords` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu
3. Go to Settings → Strong Passwords to configure your rules

== Frequently Asked Questions ==

= Does this affect existing user passwords? =
No. Existing passwords are only checked when a user next changes their password. No retroactive enforcement.

= Can admin users bypass the rules? =
No. All roles are enforced by default. You can exclude specific roles on the settings page if needed.

= Does it work with WooCommerce checkout? =
WooCommerce uses its own password handling. This plugin covers WordPress core flows (profile, reset, registration) and the REST API.

== Changelog ==

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
