From mediawiki.org
MediaWiki extensions manual
OOjs UI icon advanced-invert.svg
Release status: experimental
Implementation User identity
Description Checks passwords against the Pwned Passwords list.
Author(s) Platonidestalk
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.32+
PHP 5.3+
Database changes No
License No license specified
Translate the PwnedPasswords extension if it is available at translatewiki.net

Prevents the use of passwords which have been leaked in some past password breach, and thus protects against password reuse attacks.


The extension can be retrieved directly from Git [?]:

  • Browse code
  • Some extensions have tags for stable releases.
  • Each branch is associated with a past MediaWiki release. There is also a "master" branch containing the latest alpha version (might require an alpha version of MediaWiki).

Extract the snapshot and place it in the extensions/PwnedPasswords/ directory of your MediaWiki installation.

If you are familiar with Git and have shell access to your server, you can also obtain the extension as follows:

cd extensions/ git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/PwnedPasswords.git


  • Download and place the file(s) in a directory called PwnedPasswords in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php :
    require_once "$IP/extensions/PwnedPasswords/PwnedPasswords.php";
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.