Extension:PwnedPasswords

From MediaWiki.org
Jump to navigation Jump to search
MediaWiki extensions manual
OOjs UI icon advanced.svg
PwnedPasswords
Release status: experimental
Implementation User identity
Description Checks passwords against the Pwned Passwords list.
Author(s) Platonidestalk
Compatibility policy release branches
MediaWiki 1.32+
PHP 5.3+
Database changes No
License No license specified
Download
Translate the PwnedPasswords extension if it is available at translatewiki.net
Check usage and version matrix.

Prevents the use of passwords which have been leaked in some past password breach, and thus protects against password reuse attacks.

Download[edit]

The extension can be retrieved directly from Git [?]:

  • Browse code
  • Some extensions have tags for stable releases.
  • Each branch is associated with a past MediaWiki release. There is also a "master" branch containing the latest alpha version (might require an alpha version of MediaWiki).

Extract the snapshot and place it in the extensions/PwnedPasswords/ directory of your MediaWiki installation.

If you are familiar with git and have shell access to your server, you can also obtain the extension as follows:

cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/PwnedPasswords.git

Installation[edit]

  • Download and place the file(s) in a directory called PwnedPasswords in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    wfLoadExtension( 'PwnedPasswords' );
    
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

To users running MediaWiki 1.24 or earlier:

The instructions above describe the new way of installing this extension using wfLoadExtension(). If you need to install this extension on these earlier versions (MediaWiki 1.24 and earlier), instead of wfLoadExtension( 'PwnedPasswords' );, you need to use:

require_once "$IP/extensions/PwnedPasswords/PwnedPasswords.php";