Correct Horse Battery Staple


This plugin replaces WordPress’s default strong password generator with one to create passwords in a style similar to those described in the XKCD Password Strength comic.

The XKCD style passwords are generated on the Add New User and Your Profile Admin pages.

The plugin will generate four word passwords using words of up to seven letters with dashes between the words.

This plugin works on UNIX-based servers (including Linux & MacOS). The words are randomly selected from the operating system’s dictionary list of over 235000 words. As Windows servers do not contain this file, the plugin will have no effect on a Windows server.

In additon to the features of the free plugin, there is an advanced version available from cubecolour called Correct Horse Battery Staple Plus which adds the following capabilities and features:

  • Use for self-registered users (single site and multisite)
  • Use for Password resets
  • Choice of different number of words in the password
  • Append a numerical suffix to the password
  • Option for one of the password words to be all uppercase


  • A new password being generated


Is there an admin page?


Why does it not work on my windows server or the local server I have on my Windows PC

As mentioned in the description, this plugin makes use of the huge list of words that is available by default on unix-based operating systems (including linux and MacOS) at /usr/share/dict/words. As Windows doesn’t have this list available, the plugin will have no effect on a Windows server or PC.

Why doesn’t it work for me?

The plugin does work on the sites it has been tested on. Feel free to ask for help on the Correct Horse Battery Staple Passwords plugin support page on

Does it work for new users subscribing themseleves

This version is designed for use on the Add New user (user-new.php) and Your Profile (profile.php) admin pages. Correct Horse Battery Staple Plus enables the XKCD-style passwords to also be generated for users registering themselves.

What if I don’t like the words chosen for the password and want to change them?

After saving the user, go to Users -> All Users and click on the User you have just set up. You can then have WordPress generate a new password by clicking the ‘Generate Password’ button. If you still don’t like the words in that password refresh the page to be able to generate another new password. You can still override the auto-generated password by overtyping if you want to change it manually.

Some of the words returned in the auto-generated password are a bit esoteric. Can’t we just have common words returned?

The words are taken from the dictionary words list contained in the server’s operating system, so it is not possible to exclude a subset of the list in this version of the plugin.

I saw an article which said that using this style of password isn’t such a good idea. Why should I use it?

Instead of using a memorable password it would normally be preferable for people to use a password manager to remember their passwords. If a password manager is used, the passwords would not need to be memorable, so the default complex passwords generated by WordPress would be appropriate. It is not always practical or possible to insist that everyone logging onto a WordPress site will be using a password manager.

This plugin offers a more memorable alternative to the default complex passwords which are not normally very memorable. A manually entered memorable password may not be very complex, so this plugin offers an alternative to entering a memorable but less strong password.

What levels of support are available?

I offer free forum support for free cubecolour plugins where all communication takes place on the plugin’s own forum on the forums and (if applicable) a link is provided to the page on your site where I can see the issue without needing a password. Non-free support via email is available if the conditions of obtaining free support on the public forum are not compatible with the level of support required. This can be requested at:

I am using the plugin and I love it, how can I show my appreciation?

You can donate any amount via my donation page. If you find the plugin useful I would also appreciate a glowing five star review on the plugin review page


There are no reviews for this plugin.

Contributors & Developers

“Correct Horse Battery Staple” is open source software. The following people have contributed to this plugin.




  • Limit the filter to profile.php & user-new.php admin pages as a workaround to a limitation in WordPress that breaks self registration.


  • Initial Version