• Resolved electrolund

    (@electrolund)


    Are attempted passwords logged anywhere (I’m assuming those are hashed an not). But I figured I’d ask. I’d like to see what hackers are attempting out there. For instance, which of my old passwords are in cracking dumps, etc.

    I like that Wordfence keeps a list of IPs and attempted usernames that were then blocked. But their attempted password is a curiosity to me.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @electrolund, thanks for your question.

    We don’t keep any record of attempted passwords, but I understand you might think the plugin would be aware of user input when performing a comparison for our features like “Prevent the use of passwords leaked in data breaches”.

    Dictionary words, common phrases, and exposed passwords from data breaches can be compared from their plain text version against a WordPress hashed password by using?WordPress’ password functions. Notably,?wp_check_password()?can do this without exposing the encrypted password back to us or anybody else. If a password matches with anything considered insecure then they will be flagged for your attention but not kept where they could potentially be exposed.

    Many thanks,
    Peter.

    Thread Starter electrolund

    (@electrolund)

    Ah, that all makes sense. I figured it was a technical answer. ?? Thanks so much!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘view attempted password?’ is closed to new replies.