Introduced in recent versions of WooCommerce and WordPress, there is an integrated Password Strength Meter which forces users to use strong passwords. It loads the following files:
/wp-includes/js/zxcvbn.min.js(which is around 400KB in size).
If you’re running WooCommerce, the above file is also sometimes located here:
Depending on the theme and how the developer has enqueued things, we’ve noticed that sometimes these file loads across the entire WordPress site. For performance reasons, this should only load on the “account,” “checkout,” and “password reset” pages.
Disable Password Strength Meter
Follow the steps below to disable the Password Strength Meter. This removes it from non-essential pages in WordPress and WooCommerce.
Click into the Perfmatters plugin settings.
Make sure you’re on the “General” submenu.
Scroll down and toggle on “Disable Password Strength Meter.”
Scroll down and click “Save Changes.”
Troubleshooting the Password Strength Meter
If you have disabled the password strength meter and are still seeing the scripts, it’s most likely due to your WordPress theme. For example, if you have a login link that initiates a popup window on your site, a theme developer will typically load the login form script in the footer of the site. What this means is that every page on your ecommerce site is technically getting treated as an account page, and therefore the password meter scripts all load.
Here are a couple of solutions:
- If your WordPress theme has the option to disable the popup login and instead send the user to a separate page, this is typically the easiest way.
- You can ask your theme developer to use something like AJAX so that the login form script is only loaded when clicked, therefore, not every page of your site will appear as an “account” page.