I’ve had to heavily modify the plugin to get it to follow even the most basic of wordpress security expectations on the changed password. Highly recommend updating the plugin so that it taps into the user role password expectations and tests fully the password against the default wordpress protocols. It’s FAR too easy to create a massively insecure password.
