I created a user (Subscriber) with a strong password then logged in as that user and successfully changed its password to a four letter password - not prevented by Wordfence though set to require strong passwords for all. Logged out and logged back in using the weak password to verify that it had actually changed.
Then ran Wordfence scan to check for weak passwords and it detected none.
Also: I set the WF scan to only do the password check so that it would run quickly. But it scanned all the files (many gigabytes) of files anyway.
Running Wordpress 3.8 and Buddypress
