Forbid Pwned Passwords

Contributors heyitsmikeyv
Type Free
Current Version 0.1.1
Last Updated 03 Apr, 2018
Released 01 Mar, 2018
Total Download 969
Active Install 100
Support 1 out of 1

Protect your WordPress site’s users from using breached passwords!

With Forbid Pwned Passwords, your site’s users will receive errors if they attempt to set their password to one found in a known breach, forcing them to choose a new one. This can help to mitigate credential stuffing attacks against your site and its users.

This plugin makes use of Troy Hunt’s Have I Been Pwned? API. Using k-anonymity methods, only a partial SHA-1 hash of the password is sent to the API in order to produce a list of hashes for local testing. This means no passwords are ever sent to third parties.

You can learn more about the Have I Been Pwned API here.

5
1 Reviews
5
100%
4
0%
3
0%
2
0%
1
0%