Introduced in recent versions of WooCommerce and WordPress, there is an integrated Password Strength Meter which forces users to use strong passwords. It loads the following files:
-
/wp-includes/js/zxcvbn.min.js(which is around 400KB in size). /wp-admin/js/password-strength-meter.min.js
If you’re running WooCommerce, the above file is also sometimes located here: /wp-content/plugins/woocommerce/assets/js/frontend/password-strength-meter.min.js
Depending on the theme and how the developer has enqueued things, we’ve noticed that sometimes these file loads across the entire WordPress site. For performance reasons, this should only load on the “account,” “checkout,” and “password reset” pages.
Disable Password Strength Meter
To remove the WordPress and WooCommerce password strength meter scripts from non-essential pages, simply click into the Perfmatters settings and enable the “Disable Password Strength Meter” option (as seen below).
Troubleshooting the Disable Password Strength Meter
If you have disabled the password strength meter and are still seeing the scripts, it’s most likely due to your WordPress theme. Example, if you have a login link that initiates a popup window on your site, a theme developer will typically load the login form script in the footer of the site. What this means is that every page on your ecommerce site is technically getting treated as an account page, and therefore the password meter scripts all load.
Here are a couple solutions:
- If your WordPress theme has the option to disable the popup login and instead send the user to a separate page, this is typically the easiest way.
- You can ask your theme developer to use something like AJAX so that the login form script is only loaded when clicked, therefore, not every page of your site will appear as an “account” page.