Wordfence WordPress Plugin Checks for Pwned Passwords

With the recent release of Have I been pwned version 2.0 I’ve seen a lo of articles talking about using the tools to check and see if that oh so clever password you came up with is actually so unique or if it’s appears in a data breach before. There’s also been some talk of various tools that might check that for you, perhaps having it built into password managers like 1Password, for example.

Last night I also noticed another useful place where a plugin is checking the account password you use to login to a WordPress install, and forcing a password reset if it’s found in the breached data. (Yes, I found this out when it forced a reset on one of my blogs, but I’m cool with that. Happy to have help staying safe! Obviously what I thought was a random password, was found elsewhere!)

Anyway, the plugin in question is a security plugin called Wordfence. In the chagelog for their Mar. 1 update, there’s this little nugget:

Improvement: Added a new feature to prevent attackers from successfully logging in to admin accounts whose passwords have been in data breaches.

Nice.

Follow these topics: Blogging