From mediawiki.org
MediaWiki extensions manual
Release status: experimental
Implementation User identity
Description Checks passwords against the Pwned Passwords list.
Author(s) Platonidestalk
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.32+
PHP 5.3+
Database changes No
License No license specified
Quarterly downloads 1 (Ranked 143rd)
Translate the PwnedPasswords extension if it is available at translatewiki.net

Provides command-line scripts to detect passwords which have been leaked in some past password breach, and thus protect against password reuse attacks.


The extension can be retrieved directly from Git [?]:

  • Browse code
  • Some extensions have tags for stable releases.
  • Each branch is associated with a past MediaWiki release. There is also a "master" branch containing the latest alpha version (might require an alpha version of MediaWiki).

Extract the snapshot and place it in the extensions/PwnedPasswords/ directory of your MediaWiki installation.

If you are familiar with Git and have shell access to your server, you can also obtain the extension as follows:

cd extensions/ git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/PwnedPasswords.git