Ask your WordPress questions! Pay money and get answers fast! Comodo Trusted Site Seal
Official PayPal Seal

Case-Insensitive Passwords WordPress


Does anyone know how I can make the password field case-insensitive? This is a request of a client, and something I have never considered.

Answers (4)


Lew Ayotte answers:

The best way to do this is to store all new passwords as lowercase version, then any password input will be converted to lowercase. It doesn't matter if the random password generated (or the user's reset password) has upper/lower case. All that matters is that the password stored is lower case and the password checked is lower case.

There are a couple pluggable functions that handle the password setting and checking. The only way to overwrite those function is to create a WordPress plugin. I've created one that you can download here: [[LINK href=""]][[/LINK]]

Just upload the plugin to your plugins directory and activate it.

I'll probably add this to the plugin repository in WordPress. Also, this plugin only guarantees NEW passwords will be case-insensitive. Old passwords will still work, they just won't be case-insensitive.

For those interested, here is the code: [[LINK href=""]][[/LINK]]



juan manuel incaurgarat answers:

if your client has already set your password, you can use str_tolower php function to always submit lower case passwords.
even more, you can show passwords as lower case with CSS, even if your client inputs with Caps lock on.


John Cotton answers:

This is off the top of my head so caveat emptor...

There's a filter called 'random_password' which you could use to ensure that when the password gets created (when a user registers) it is all upper/lower case.

From there, you'd then have to hook into the wp_authenticate action and modify the password to be lower or upper case as you choose.

There are probably some other hooks that you'd need to check - for instance when a user updates their password - there is one I think.

One thing though is there is a TODO against wp_authenticate, so it may disappear or be modified in a future version.



rilwis answers:

There are 2 things need to be done with your question:
- reset users' passwords to lowercase
- change new users' passwords into lowercase

Because of security reason, WP doesn't allow us to get users' passwords in plain text (this prevents blog admin to see users' passwords). So, we can't change them into lowercase :(.

For 2nd purpose, you can use this function (put it in functions.php file) to change generated passwords into lowercase:

// change password to lowercase when register
add_filter('random_password', 'rw_pwd_lowercase');
function rw_pwd_lowercase($pwd) {
return strtolower($pwd);