Log in Register

With this plugin, you can notify your users if they intend to use a password that was previously compromised or "pwned" in a data breach. You can even define whether your website allows such passwords or rejects them. To provide this service the plugin refers to the "Have I been pwned" API ( https://haveibeenpwned.com/ by Troy Hunt).

When a new user registers and submits a password (or an existing user changes his current password), the plugin checks if the new password is already listed in the "Have I been pwned" databases. If so, a respective message is presented to the user. You can decide, whether such passwords are allowed on your website or not. If not, the user has to create another password.

You also can activate a checking during login (either email address or password), to assist your existing users.

Only registered and logged in users can download this file.

Add comment