Correct Horse Battery Staple

Description

This plugin replaces WordPress’s default strong password generator with one to create passwords in a style similar to those described in the XKCD Password Strength comic.

The XKCD style passwords are generated on the Add New User and Your Profile Admin pages.

The plugin will generate four word passwords using words of up to seven letters with dashes between the words.

This plugin works on UNIX-based servers (including Linux & MacOS). The words are randomly selected from the operating system’s dictionary list of over 235000 words. As Windows servers do not contain this file, the plugin will have no effect on a Windows server.

Screenshots

  • A new password being generated

FAQ

Is there an admin page?

Nope

Why does it not work on my windows server or the local server I have on my Windows PC

As mentioned in the description, this plugin makes use of the huge list of words that is available by default on unix-based operating systems (including linux and MacOS) at /usr/share/dict/words. As Windows doesn’t have this list available, the plugin will have no effect on a Windows server or PC.

Why doesn’t it work for me?

The plugin does work on the sites it has been tested on. Feel free to ask for help on the Correct Horse Battery Staple Passwords plugin support page on WordPress.org.

Does it work for new users subscribing themseleves

No, this version is designed for use on the Add New user (user-new.php) and Your Profile (profile.php) admin pages only.

What if I don’t like the words chosen for the password and want to change them?

After saving the user, go to Users -> All Users and click on the User you have just set up. You can then have WordPress generate a new password by clicking the ‘Generate Password’ button. If you still don’t like the words in that password refresh the page to be able to generate another new password. You can still override the auto-generated password by overtyping if you want to change it manually.

Some of the words returned in the auto-generated password are a bit esoteric. Can’t we just have common words returned?

The words are taken from the dictionary words list contained in the server’s operating system, so it is not possible to exclude a subset of the list in this version of the plugin.

I saw an article which said that using this style of password isn’t such a good idea. Why should I use it?

Instead of using a memorable password it would normally be preferable for people to use a password manager to remember their passwords. If a password manager is used, the passwords would not need to be memorable, so the default complex passwords generated by WordPress would be appropriate. It is not always practical or possible to insist that everyone logging onto a WordPress site will be using a password manager.

This plugin offers a more memorable alternative to the default complex passwords which are not normally very memorable. A manually entered memorable password may not be very complex, so this plugin offers an alternative to entering a memorable but less strong password.

What levels of support are available?

I offer free forum support for free cubecolour plugins where all communication takes place on the plugin’s own forum on the WordPress.org forums and (if applicable) a link is provided to the page on your site where I can see the issue without needing a password. Non-free support via email is available if the conditions of obtaining free support on the public forum are not compatible with the level of support required. This can be requested at: cubecolour.co.uk/premium-support

I am using the plugin and I love it, how can I show my appreciation?

You can donate any amount via my donation page. If you find the plugin useful I would also appreciate a glowing five star review on the plugin review page

Contributors & Developers

“Correct Horse Battery Staple” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.1.0

  • Limit the filter to profile.php & user-new.php admin pages as a workaround to a limitation in WordPress that breaks self registration.

1.0.0

  • Initial Version