Compromised Passwords

Modified on Sun, 18 Aug, 2024 at 9:08 PM

Compromised Passwords

When you try to login to your website or change your password, your password will be checked against a list of known compromised passwords, and if yours is found on the list, you will need to change it using a strong password before getting in.  


If found with a compromised password, you will see this notice on your WordPress login screen, prompting you to update your password using a strong password generator.

 

 

Once the password has been updated, you can now successfully log in using a secure password.

 

Note:  Passwords are checked against the list created by Have I Been Pwned. Plaintext passwords are never sent to Have I Been Pwned. Instead, 5 characters of the hashed password are sent over an encrypted connection to their API. Read the technical details here.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article