AI助手支持GPT4.0
Disallow WordPress and WooCommerce users using pwned passwords.
禁止使用自带密码的WordPress和WooCommerce用户。 p>
Spoiler Alert: User passwords never leave your server, not even in hashed form.
剧透警报:用户密码永远不会离开服务器,即使是散列形式也不会离开 strong>。 p>Although reusing passwords is solely users’ fault but when evil attackers brute forced users’ passwords, and stole all their personal information or spent users’ hard earn money through your site.虽然重用密码完全是用户的错,但是当邪恶的攻击者粗暴地强迫用户输入密码,并偷走了他们的所有个人信息或用过的用户的辛苦赚钱后,您的网站就会被盗。 Those lazy users blame you, the site owner/developer.那些懒惰的用户责怪您 strong>(网站所有者/开发者)。 p>When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... p>Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码 li> ul>— NIST Digital Identity Guidelines- NIST数字身份准则 p> blockquote>This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码. strong>。 p>Usage用法 h3>Activate and forget.激活并忘记。 p>This plugin intercepts when:此插件在以下情况下拦截: p>creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php code> li>上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php code> li>上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册 ul>Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截: p>WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码 li>WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息 li>WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户 li>WC_Checkout::validate_checkout WC_Checkout :: validate_checkout code > on Home » Checkout> 主页»结帐 li> ul>Explain It Like I’m Five像我五岁一样解释它 h3>Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码 li>Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码 li>Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理 li>Take the first 5 characters from the hash从哈希中获取前5个字符 li>Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码 li>Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次 li>Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改 li> ul>Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息: p>Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 li>Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> li>I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 li>Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li> ul>For Developers对于开发人员 h3>Fork the plugin on GitHub.在 GitHub 上分叉插件。 p>
Although reusing passwords is solely users’ fault but when evil attackers brute forced users’ passwords, and stole all their personal information or spent users’ hard earn money through your site.
虽然重用密码完全是用户的错,但是当邪恶的攻击者粗暴地强迫用户输入密码,并偷走了他们的所有个人信息或用过的用户的辛苦赚钱后,您的网站就会被盗。
Those lazy users blame you, the site owner/developer.
那些懒惰的用户责怪您 strong>(网站所有者/开发者)。 p>When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... p>Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码 li> ul>— NIST Digital Identity Guidelines- NIST数字身份准则 p> blockquote>This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码. strong>。 p>Usage用法 h3>Activate and forget.激活并忘记。 p>This plugin intercepts when:此插件在以下情况下拦截: p>creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php code> li>上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php code> li>上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册 ul>Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截: p>WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码 li>WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息 li>WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户 li>WC_Checkout::validate_checkout WC_Checkout :: validate_checkout code > on Home » Checkout> 主页»结帐 li> ul>Explain It Like I’m Five像我五岁一样解释它 h3>Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码 li>Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码 li>Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理 li>Take the first 5 characters from the hash从哈希中获取前5个字符 li>Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码 li>Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次 li>Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改 li> ul>Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息: p>Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 li>Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> li>I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 li>Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li> ul>For Developers对于开发人员 h3>Fork the plugin on GitHub.在 GitHub 上分叉插件。 p>
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... p>Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码 li> ul>— NIST Digital Identity Guidelines- NIST数字身份准则 p> blockquote>This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码. strong>。 p>Usage用法 h3>Activate and forget.激活并忘记。 p>This plugin intercepts when:此插件在以下情况下拦截: p>creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php code> li>上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php code> li>上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册 ul>Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截: p>WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码 li>WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息 li>WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户 li>WC_Checkout::validate_checkout WC_Checkout :: validate_checkout code > on Home » Checkout> 主页»结帐 li> ul>Explain It Like I’m Five像我五岁一样解释它 h3>Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码 li>Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码 li>Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理 li>Take the first 5 characters from the hash从哈希中获取前5个字符 li>Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码 li>Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次 li>Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改 li> ul>Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息: p>Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 li>Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> li>I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 li>Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li> ul>For Developers对于开发人员 h3>Fork the plugin on GitHub.在 GitHub 上分叉插件。 p>
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... p>Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码 li> ul>— NIST Digital Identity Guidelines- NIST数字身份准则 p>
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.
当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。
For example,…
例如,... p>
ul>
— NIST Digital Identity Guidelines
- NIST数字身份准则 p>
blockquote>
This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码. strong>。 p>Usage用法 h3>Activate and forget.激活并忘记。 p>This plugin intercepts when:此插件在以下情况下拦截: p>creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php code> li>上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php code> li>上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册 ul>Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截: p>WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码 li>WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息 li>WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户 li>WC_Checkout::validate_checkout WC_Checkout :: validate_checkout code > on Home » Checkout> 主页»结帐 li> ul>Explain It Like I’m Five像我五岁一样解释它 h3>Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码 li>Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码 li>Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理 li>Take the first 5 characters from the hash从哈希中获取前5个字符 li>Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码 li>Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次 li>Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改 li> ul>Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息: p>Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 li>Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> li>I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 li>Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li> ul>For Developers对于开发人员 h3>Fork the plugin on GitHub.在 GitHub 上分叉插件。 p>
此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码.
strong>。 p>
Activate and forget.
激活并忘记。 p>
This plugin intercepts when:
此插件在以下情况下拦截: p>
/wp-admin/user-new.php
/wp-admin/user-new.php code> li>上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php code> li>上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册
/wp-admin/user-edit.php
/wp-admin/user-edit.php code> li>上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册
/wp-admin/profile.php
/wp-admin/profile.php code> li>上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp code> li>上的新用户注册
/wp-login.php?action=rp
/wp-login.php?action=rp code> li>上的新用户注册
Additional interceptions if WooCommerce is installed:
如果安装了WooCommerce,则还会进行其他拦截: p>
WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code>
WC_Form_Handler :: process_reset_password < /code>
/code>
/ code>
WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code>
WC_Form_Handler :: save_account_details < /code>
WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code>
WC_Form_Handler :: process_registration < /code>
WC_Checkout::validate_checkout
WC_Checkout :: validate_checkout code >
>
li>
Users aged older than five could learn more from:
五岁以上的用户可以从以下中学到更多信息: p>
/a>
/ a> li>
“Pwned Passwords” V2 With Half a Billion Passwords for Download
拥有数十亿密码可供下载的“已拥有密码” V2
Fork the plugin on GitHub.
在 GitHub 上分叉插件。 p>
原文出处:http://www.sanshu.cn/a/11095.html
群主管理都是支付大佬