Better Passwords

Description

This plugin sets a default minimum password length of 10 characters, to ensure that passwords are suitably long that they are hard to guess. However, it does not insist on any complexity rules, such as digits and special characters, as length is the most important thing when making a password hard to guess.

This plugin uses Troy Hunt’s Pwned Passwords API in order to check a user’s potential password against a corpus of breached passwords.

The password itself is never sent to any third party, only a partial hash is sent. This means that the password entered will always be private.

As an added bonus, this plugin also upgrades the hashing algorithm used when storing your password in the database. This is a secure one-way hash created using the Bcrypt or Argon2 algorithm.

Reviews

July 28, 2019
I use this plugin on all of my sites - it not only checks if a used password is included in a haveibeenpwned.com leak, but also forces WordPress to use more secure hashing algorithms for saving passwords. Highly recommended!
Read all 1 review

Contributors & Developers

“Better Passwords” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Better Passwords” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.