Disallow WordPress and WooCommerce users using pwned passwords.
As of April 2026, Disallow Pwned Password is a WordPress hibp plugin with 10 active installations and a 5/5 rating from 2 reviews. It has been downloaded 1.9K+ times in total. Requires WordPress 4.9.8+ and PHP 7.0+. Available on WordPress.org since 2019. Last updated 7 years ago — may have compatibility concerns.
Spoiler Alert: User passwords never leave your server, not even in hashed form.
Although reusing passwords is solely the users' fault, when evil attackers brute-force users' passwords and steal all their personal information or spend users' hard-earned money through your site, those lazy users blame you, the site owner/developer.
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example,…
- Passwords obtained from previous breach corpuses
This plugin's sole purpose is to disallow WordPress an…
| WordPress | 4.9.8+ required; tested up to 5.0.25 |
| PHP | 7.0+ required |
Please see CHANGELOG for more information on what has changed recently.
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.