GrootMade is NOT affiliated with Disallow Pwned Passwords or its original author. Disallow Pwned Passwords™ is a trademark of its respective owner and use of it does not imply any endorsement or affiliation. This product has been forked under the GNU General Public License (GPL) and all non-GPL assets (such as proprietary images, fonts, and branding) have been removed. Distributing GPL-licensed code is 100% legal.
This plugin prevents users from setting passwords that have been exposed in public data breaches. It is designed for site administrators and developers who need to enforce stronger password hygiene for their user base.
Password Validation: Checks new and updated user passwords against the Have I Been Pwned database, which contains billions of compromised credentials from past security incidents.
Privacy-First Design: User passwords are never transmitted in full, even in hashed form. The check uses a k-anonymity method, sending only the first five characters of the password's hash to the API.
Automatic Integration: Works automatically upon activation for core user actions like registration, profile updates, and password resets. It also integrates with WooCommerce for checkout and account pages.
Response Caching: To improve performance and reduce external API calls, successful query responses are cached locally for one week when a persistent cache is available.
Extensible Architecture: Allows developers to replace the default API client with a custom implementation if they wish to use a different breach data source or have specific integration requirements.
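The k-anonymity check described under Privacy-First Design, shown as an added Python example (not the plugin's own code). It assumes the SHA-1 range format of the public Pwned Passwords API; the function names and the sample response body are constructed for illustration.

```python
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # public HIBP range endpoint


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def request_url(password: str) -> str:
    """The only password-derived data that leaves the host is the 5-char prefix."""
    prefix, _ = split_hash(password)
    return RANGE_URL + prefix


def breach_count(password: str, range_body: str) -> int:
    """Match the locally kept suffix against a range response body.

    Each response line is 'SUFFIX:COUNT'. Malformed lines are skipped.
    Padded responses carry decoy lines with count 0, which mean 'not breached'.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue
        if candidate.upper() == suffix:
            return int(count)
    return 0


def build_sample_body(breached: str, times: int) -> str:
    """Constructed stand-in for the API response so the example runs offline."""
    _, suffix = split_hash(breached)
    decoy = "0" * 35  # constructed suffix, not real breach data
    return "\r\n".join([f"{decoy}:0", "garbage-line", f"{suffix}:{times}"])


if __name__ == "__main__":
    body = build_sample_body("password", 42)  # constructed count
    print(request_url("password"))
    print(breach_count("password", body))
    print(breach_count("correct horse battery staple", body))
```

The suffix comparison happens entirely on the site's own server, so the API operator learns only which 5-character bucket was queried, not which entry in it matched.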
We do not provide support for the original product. If you need official support, please purchase a license from the original developer. Our community assistance is only for issues related to our forked version.
Have questions, feedback, or need support? Join the discussion on our forum.