D
by Itineris Limited
5 (2 reviews)
Disallow Pwned Password
Disallow WordPress and WooCommerce users using pwned passwords.
Tested up to WP 5 (Current: 6.9.4)
v0.3.2
Current Version v0.3.2
Updated 7 years ago
Last Update on 19 Feb, 2019
Refreshed 7 hours ago
Last Refreshed on
Rank
#35,157
—
No change
Active Installs
10+
—
No change
KW Avg Position
3.5
—
No change
Downloads
1.9K
+4 today
Support Resolved
0%
—
No change
Rating
100%
Review 5 out of 5
5
(2 reviews)
Next Milestone 20
10+
20+
10,267
Ranks to Climb
-
Growth Needed
8,000,000
Active Installs
Pro
Unlock Exact Install Count
See the precise estimated active installs for this plugin, calculated from real-time ranking data.
- Exact install estimates within tiers
- Track install growth over time
- Milestone progress predictions
Need 6 more installs to reach 20+
Rank Changes
Current
#35,157
Change
Best
#
Downloads Growth
Downloads
Growth
Peak
Upgrade to Pro
Unlock 30-day, 90-day, and yearly download history charts with a Pro subscription.
Upgrade NowReviews & Ratings
5.0
2 reviews
Overall
100%
5
2
(100%)
4
0
(0%)
3
0
(0%)
2
0
(0%)
1
0
(0%)
Tracked Keywords
Showing 2 of 2| Keyword | Position | Change | Type | Updated |
|---|---|---|---|---|
| hibp | 2 | — | Tag | 2 days ago |
| have-i-been-pwned | 5 | — | Tag | 2 days ago |
Unlock Keyword Analytics
Track keyword rankings, search positions, and discover new ranking opportunities with a Pro subscription.
- Full keyword position tracking
- Historical ranking data
- Competitor keyword analysis
Track This Plugin
Get detailed analytics, keyword tracking, and position alerts delivered to your inbox.
Start Tracking FreePlugin Details
- Version
- 0.3.2
- Last Updated
- Feb 19, 2019
- Requires WP
- 4.9.8+
- Tested Up To
- 5
- PHP Version
- 7.0 or higher
- Author
- Itineris Limited
Support & Rating
- Rating
- ★ ★ ★ ★ ★ 5
- Reviews
- 2
- Support Threads
- 0
- Resolved
- 0%
Keywords
Upgrade to Pro
Unlock keyword rankings, search positions, and detailed analytics with a Pro subscription.
Upgrade NowSimilar Plugins
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
7K+ installs
#2,704
Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits
30K+ installs
#954
InfiniteWP Client
200K+ installs
#253
Nextend Social Login and Register
200K+ installs
#255
Anti-Malware Security and Brute-Force Firewall
100K+ installs
#297
Frequently Asked Questions
Common questions about Disallow Pwned Password
PHP v7.0
WordPress v4.9.8
(Optional) WooCommerce v3.4.4
Did you just send all the passwords to someone else?
No. User passwords never leave your server, not even in hashed form.
How do you compare user passwords with the 6,493,641,194 pwned ones?
Curious users can learn more from:
I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
Validating Leaked Passwords with k-Anonymity
Paranoia users should check the plugin implementation.
What to do if I don't trust haveibeenpwned.com?
Troy Hunt is a well-kown security expert. You should trust him more than me (the plugin author).
Anyways, you can replace the default API client with yours:
<?php
use Itineris\DisallowPwnedPasswords\HaveIBeenPwned\ClientInterface;
use League\Container\Container;
class YourCustomClient implements ClientInterface
{
// Your implementation.
}
add_action('i_dpp_register', function (Container $container): void {
$container->add(ClientInterface::class, YourCustomClient::class);
});
This plugin uses league/container. Learn more from its documents.
What to do if I don't trust the plugin author?
Good question! You shouldn't blindly trust any random security guide/plugin from the scary internet - including this one!
Review the plugin implementation.
I have installed this plugin. Does it mean my WordPress site is *unhackable*?
No website is unhackable.
To have a secure WordPress site, you have to keep all these up-to-date:
WordPress core
PHP
this plugin
all other WordPress themes and plugins
everything on the server
other security practices
your mindset
Strongly recommended:
WP Password Argon Two - Securely store WordPress user passwords in database with Argon2i hashing and SHA-512 HMAC using PHP's native functions
WP Cloudflare Guard - Connecting WordPress with Cloudflare firewall, protect your WordPress site at DNS level. Automatically create firewall rules to block dangerous IPs
Two-Factor
wp-password-bcrypt
WordPress v4.9.8
(Optional) WooCommerce v3.4.4
Did you just send all the passwords to someone else?
No. User passwords never leave your server, not even in hashed form.
How do you compare user passwords with the 6,493,641,194 pwned ones?
Curious users can learn more from:
I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
Validating Leaked Passwords with k-Anonymity
Paranoia users should check the plugin implementation.
What to do if I don't trust haveibeenpwned.com?
Troy Hunt is a well-kown security expert. You should trust him more than me (the plugin author).
Anyways, you can replace the default API client with yours:
<?php
use Itineris\DisallowPwnedPasswords\HaveIBeenPwned\ClientInterface;
use League\Container\Container;
class YourCustomClient implements ClientInterface
{
// Your implementation.
}
add_action('i_dpp_register', function (Container $container): void {
$container->add(ClientInterface::class, YourCustomClient::class);
});
This plugin uses league/container. Learn more from its documents.
What to do if I don't trust the plugin author?
Good question! You shouldn't blindly trust any random security guide/plugin from the scary internet - including this one!
Review the plugin implementation.
I have installed this plugin. Does it mean my WordPress site is *unhackable*?
No website is unhackable.
To have a secure WordPress site, you have to keep all these up-to-date:
WordPress core
PHP
this plugin
all other WordPress themes and plugins
everything on the server
other security practices
your mindset
Strongly recommended:
WP Password Argon Two - Securely store WordPress user passwords in database with Argon2i hashing and SHA-512 HMAC using PHP's native functions
WP Cloudflare Guard - Connecting WordPress with Cloudflare firewall, protect your WordPress site at DNS level. Automatically create firewall rules to block dangerous IPs
Two-Factor
wp-password-bcrypt
correct horse battery staple
add_action('wp_print_scripts', function () {
wp_dequeue_script('wc-password-strength-meter');
}, 10000);
wp_dequeue_script('wc-password-strength-meter');
}, 10000);
Note: Current version supports PHP 7.0 because wordpress.org svn pre-commit hook rejects PHP 7.1+ syntax. However, you should not use PHP 7.0 because it has reached end of life since 10 January 2019.
It looks awesome. Where can I find some more goodies like this?
Articles on Itineris' blog
More projects on Itineris' GitHub profile
More plugins on Itineris and TangRufus wp.org profiles
Follow @itineris_ltd and @TangRufus on Twitter
Hire Itineris to build your next awesome site
Besides wp.org, where can I give a ★★★★★ review?
Thanks! Glad you like it. It's important to let my boss knows somebody is using this project. Please consider:
give ★★★★★ reviews on wp.org
tweet something good with mentioning @itineris_ltd and @TangRufus
️️★ star this Github repo
watch this Github repo
write blog posts
submit pull requests
hire Itineris
Where to report security related issues?
If you discover any security related issues, please email hello@itineris.co.uk instead of using the issue tracker.
It looks awesome. Where can I find some more goodies like this?
Articles on Itineris' blog
More projects on Itineris' GitHub profile
More plugins on Itineris and TangRufus wp.org profiles
Follow @itineris_ltd and @TangRufus on Twitter
Hire Itineris to build your next awesome site
Besides wp.org, where can I give a ★★★★★ review?
Thanks! Glad you like it. It's important to let my boss knows somebody is using this project. Please consider:
give ★★★★★ reviews on wp.org
tweet something good with mentioning @itineris_ltd and @TangRufus
️️★ star this Github repo
watch this Github repo
write blog posts
submit pull requests
hire Itineris
Where to report security related issues?
If you discover any security related issues, please email hello@itineris.co.uk instead of using the issue tracker.