How to change the password strength for users acounts?

The password strength determines the security level of the passwords of users who have access to the admin panel.

By default, user passwords must be at least 6 characters long and contain at least one lowercase letter, one uppercase letter and one number.

You can easily change this setting and choose from the various pre-recorded configurations.

  1. Open /conf/user-conf.php
  2. Find the USERS_PASSWORD_CONSTRAINT constant, and replace the value ("lower-upper-number-min-6") with one of the followings possible values:

    • min-x // lowercase - at least x characters
    • lower-upper-min-x // lowercase + uppercase - at least x characters
    • lower-upper-number-min-x // lowercase + uppercase + numbers - at least x characters
    • lower-upper-number-symbol-min-x // lowercase + uppercase + numbers + symbols - at least x characters
    where "x" is a number between 3 and 8.
  3. Save /conf/user-conf.php

The password constraints will change for all the new incoming users.


To change the password strength of users who have access to the PHPCG admin panel you must beforehand:

PHP CRUD tutorial main page