Introduced in recent versions of WooCommerce and WordPress, there is an integrated Password Strength Meter which forces users to use strong passwords. It loads the following files:
/wp-includes/js/zxcvbn.min.js
/wp-admin/js/password-strength-meter.min.js
If you’re running WooCommerce, the above file is also sometimes located here: /wp-content/plugins/woocommerce/assets/js/frontend/password-strength-meter.min.js
/wp-content/plugins/woocommerce/assets/js/frontend/password-strength-meter.min.js
Depending on the theme and how the developer has enqueued things, we’ve noticed that sometimes these file loads across the entire WordPress site. For performance reasons, this should only load on the “account,” “checkout,” and “password reset” pages.
To remove the WordPress and WooCommerce password strength meter scripts from non-essential pages, simply click into the Perfmatters settings and enable the “Disable Password Strength Meter” option (as seen below).
If you have disabled the password strength meter and are still seeing the scripts, it’s most likely due to your WordPress theme. Example, if you have a login link that initiates a popup window on your site, a theme developer will typically load the login form script in the footer of the site. What this means is that every page on your ecommerce site is technically getting treated as an account page, and therefore the password meter scripts all load.
Here are a couple solutions: