Forbid Pwned Passwords
Protect your WordPress site’s users from using breached passwords!
With Forbid Pwned Passwords, your site’s users will receive errors if they attempt to set their password to one found in a known breach, forcing them to choose a new one.
This can help to mitigate credential stuffing attacks against your site and its users.
This plugin makes use of Troy Hunt’s Have I Been Pwned? API. Using k-anonymity methods, only a partial SHA-1 hash of the password
is sent to the API in order to produce a list of hashes for local testing. This means no passwords are ever sent to third parties.
You can learn more about the Have I Been Pwned API here.
0.1.1
- Improved error handling in the event of an API failure.
Alternative Plugins for Forbid Pwned Passwords
A reimagining of WordPress authentication using modern security practices.
Categories: General
Disallow usage of passwords found in the Have I Been Pwned breached password database.
Categories: General
Use this plugin to restrict Authors to use of some words that should not used.
Categories: General
Passwords Manager wordpress plugin let you to store different passwords at one place. Passwords are stored in Wordpress database in encrypted form so …
Categories: General
Discover the Lists with Forbid Pwned Passwords
FarrowSystem.EU - ALL Plugins
A save of all the plugins from when it was migrated from multisite. Just for historical purposes.
OS WooCommerce Plugins New Install
My list of plugins I use for WooCommerce sites.
