Wordfence WordPress Plugin Checks for Pwned Passwords

With the recent release of Have I been pwned version 2.0, I’ve seen a lot of articles talking about using the tools to check and see if that oh-so-clever password you came up with is actually so unique or if it has appeared in a data breach before. There’s also been some talk of various tools that might check that for you, perhaps having it built into password managers like 1Password, for example.

Last night I also noticed another useful place where a plugin is checking the account password you use to log in to a WordPress install, and forcing a password reset if it’s found in the breached data. (Yes, I found this out when it forced a reset on one of my blogs, but I’m cool with that. Happy to have help staying safe! Obviously, what I thought was a random password was found elsewhere!)

Anyway, the plugin in question is a security plugin called Wordfence. In the changelog for their Mar. 1 update, there’s this little nugget:

Improvement: Added a new feature to prevent attackers from successfully logging in to admin accounts whose passwords have been in data breaches.

Nice.
