Check emails and password haveibeenpwned

Use the haveibeenpwned.com API to check the user emails and/or passwords have not been part of a breach.

Note: This will require setting up an intermediary API endpoint, since not possible to hide the HIBP key in the plugin.

ref: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/

Lars Koudal shared this idea

Top Requests

Show fixable / auto-fixable tests as a filter 4 Votes
Bulk fix 2 Votes
Export only selected modules 2 Votes
Immediately block "admin" login attempts 2 Votes
Turn on/off fixes 2 Votes

Search for:

Security newsletter

Learn how to protect and improve your website - get the latest articles about WordPress and Internet security.

We promise not to use your email for spam!

Articles from the blog

Determine IP Address With a Completely Dependable Tool
It is important to know the IP address of a computer if you are connected to a network. This does not mean…
How to Protect Your Site from the Most Common WordPress Security Issues
According to statistics, more than 50.000 websites get hacked on a daily basis. With WordPress powering over 30 percent of sites worldwide,…
Signs your WordPress website is hacked
Website hacks are sometimes challenging to detect - any malicious scripts try to hide themselves to prevent detection and stay as long…
How to prevent your website getting hacked
Signs your WordPress site has been hacked and how to prevent it from happening again.
Steps To Secure Your Business Online
While the internet can provide plenty of marketing opportunities for your business, the risks that lurk behind the shadows are many. From…
Mind Your Business: How Data Security Affects Your Company
Too many businesses take the step to collect data without thinking of the ramifications of doing so. Others don’t think they need…
UnderConstructionPage – Easy, Flexible and Works Like a Charm
If you didn’t just travel here via a portal from medieval times, chances are you’ve probably seen at least one or two…
Cyber Safety 101 – Privacy Protection Tips Everyone Needs to Know
Every day, at least 360,000 new malicious files are detected. And all it takes is for one to completely compromise your credentials…
Why Is Your Website a Target of Hackers?
Why do hackers target sites and how are they doing it? Why is a small WordPress website interesting for hackers?
Brizy Review – Design WordPress Sites for Free With a Simple Drag & Drop Editor
Because most of the page builders out there are too complicated to use, working with them can be a hectic task. Now,…