Este plugin no se ha probado con las últimas 3 versiones mayores de WordPress. Puede que ya no tenga soporte ni lo mantenga nadie, o puede que tenga problemas de compatibilidad cuando se usa con las versiones más recientes de WordPress.

Forbid Pwned Passwords

Descripción

Protect your WordPress site’s users from using breached passwords!

With Forbid Pwned Passwords, your site’s users will receive errors if they attempt to set their password to one found in a known breach, forcing them to choose a new one.
This can help to mitigate credential stuffing attacks against your site and its users.

This plugin makes use of Troy Hunt’s Have I Been Pwned? API. Using k-anonymity methods, only a partial SHA-1 hash of the password
is sent to the API in order to produce a list of hashes for local testing. This means no passwords are ever sent to third parties.

You can learn more about the Have I Been Pwned API here.

Reseñas

24 de agosto de 2018
This is great - it is a very nice and simple plugin to force users to select passwords that are not typically hacked le. Would be nice to have a customisable message but I love it none-the-less. Nice work!
Leer la 1 reseña

Colaboradores y desarrolladores

«Forbid Pwned Passwords» es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Colaboradores

Traduce «Forbid Pwned Passwords» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

0.1.1

  • Improved error handling in the event of an API failure.