AI助手支持GPT4.0
Disallow WordPress and WooCommerce users using pwned passwords.
禁止使用自带密码的WordPress和WooCommerce用户。
Spoiler Alert: User passwords never leave your server, not even in hashed form.
剧透警报:用户密码永远不会离开服务器,即使是散列形式也不会离开。Although reusing passwords is solely users’ fault but when evil attackers brute forced users’ passwords, and stole all their personal information or spent users’ hard earn money through your site.虽然重用密码完全是用户的错,但是当邪恶的攻击者粗暴地强迫用户输入密码,并偷走了他们的所有个人信息或用过的用户的辛苦赚钱后,您的网站就会被盗。 Those lazy users blame you, the site owner/developer.那些懒惰的用户责怪您(网站所有者/开发者)。When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码— NIST Digital Identity Guidelines- NIST数字身份准则 This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码.。Usage用法Activate and forget.激活并忘记。This plugin intercepts when:此插件在以下情况下拦截:creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php 上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php 上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截:WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户WC_Checkout::validate_checkout WC_Checkout :: validate_checkout > on Home » Checkout> 主页»结帐Explain It Like I’m Five像我五岁一样解释它Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理Take the first 5 characters from the hash从哈希中获取前5个字符Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息:Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li>For Developers对于开发人员Fork the plugin on GitHub.在 GitHub 上分叉插件。
Although reusing passwords is solely users’ fault but when evil attackers brute forced users’ passwords, and stole all their personal information or spent users’ hard earn money through your site.
虽然重用密码完全是用户的错,但是当邪恶的攻击者粗暴地强迫用户输入密码,并偷走了他们的所有个人信息或用过的用户的辛苦赚钱后,您的网站就会被盗。
Those lazy users blame you, the site owner/developer.
那些懒惰的用户责怪您(网站所有者/开发者)。When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码— NIST Digital Identity Guidelines- NIST数字身份准则 This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码.。Usage用法Activate and forget.激活并忘记。This plugin intercepts when:此插件在以下情况下拦截:creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php 上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php 上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截:WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户WC_Checkout::validate_checkout WC_Checkout :: validate_checkout > on Home » Checkout> 主页»结帐Explain It Like I’m Five像我五岁一样解释它Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理Take the first 5 characters from the hash从哈希中获取前5个字符Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息:Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li>For Developers对于开发人员Fork the plugin on GitHub.在 GitHub 上分叉插件。
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码— NIST Digital Identity Guidelines- NIST数字身份准则 This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码.。Usage用法Activate and forget.激活并忘记。This plugin intercepts when:此插件在以下情况下拦截:creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php 上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php 上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截:WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户WC_Checkout::validate_checkout WC_Checkout :: validate_checkout > on Home » Checkout> 主页»结帐Explain It Like I’m Five像我五岁一样解释它Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理Take the first 5 characters from the hash从哈希中获取前5个字符Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息:Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li>For Developers对于开发人员Fork the plugin on GitHub.在 GitHub 上分叉插件。
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。For example,…例如,... Passwords obtained from previous breach corpuses从先前的违规语料库获得的密码— NIST Digital Identity Guidelines- NIST数字身份准则
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.
当处理请求以建立和更改存储的机密时,验证者应将预期机密与包含已知通常使用,预期或泄露的值的列表进行比较。
For example,…
例如,...
— NIST Digital Identity Guidelines
- NIST数字身份准则
This plugin's solely purpose is to disallow WordPress and WooCommerce users reusing passwords listed in Have I Been Pwned database此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码.。Usage用法Activate and forget.激活并忘记。This plugin intercepts when:此插件在以下情况下拦截:creating new users on /wp-admin/user-new.php在 /wp-admin/user-new.php 上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php 上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册Additional interceptions if WooCommerce is installed:如果安装了WooCommerce,则还会进行其他拦截:WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code> 主页»我的帐户»忘记密码WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code> 主页»我的帐户»帐户详细信息WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code> 主页»我的帐户WC_Checkout::validate_checkout WC_Checkout :: validate_checkout > on Home » Checkout> 主页»结帐Explain It Like I’m Five像我五岁一样解释它Troy Hunt, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches 特洛伊·亨特(一位知名的安全专家)从以前的安全漏洞中收集了6,493,641,194个(并还在不断增加)所拥有的密码Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com以密码SHA-1形式存储在Haveibeenpwned.com上的密码Whenever WordPress / WooCommerce users attempt to change their passwords, this plugin hashes the user password每当WordPress / WooCommerce用户尝试更改其密码时,此插件都会对用户密码进行哈希处理Take the first 5 characters from the hash从哈希中获取前5个字符Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters向haveibeenpwned.com询问所有带有相同的前5个哈希字符的密码Check how many times the user password appears on the have I been pwned database检查用户密码在我被伪装的数据库中出现多少次Disallow the password change if it has been pwned如果密码已经被伪装,则不允许更改Users aged older than five could learn more from:五岁以上的用户可以从以下中学到更多信息:Have I Been Pwned’s FAQs 我是否已经拥有自己的常见问题解答 Why SHA-1 was chosen in the Pwned Passwords< 为什么在Pwned Passwords中选择了SHA-1 < /a>/ a> I've [Troy Hunt] Just Launched 我[特洛伊狩猎]刚刚启动“Pwned Passwords” V2 With Half a Billion Passwords for Download拥有数十亿密码可供下载的“已拥有密码” V2 Validating Leaked Passwords with k-Anonymity 使用k-匿名验证泄漏的密码 li>li>For Developers对于开发人员Fork the plugin on GitHub.在 GitHub 上分叉插件。
此插件的唯一目的是禁止WordPress和WooCommerce用户重复使用已被我拥有数据库中列出的密码.
。
Activate and forget.
激活并忘记。
This plugin intercepts when:
此插件在以下情况下拦截:
/wp-admin/user-new.php
/wp-admin/user-new.php 上创建新用户changing other users’ passwords on /wp-admin/user-edit.php在 /wp-admin/user-edit.php 上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册
/wp-admin/user-edit.php
/wp-admin/user-edit.php 上更改其他用户的密码changing your password on /wp-admin/profile.php在 /wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册
/wp-admin/profile.php
/wp-admin/profile.php 上更改密码new user registration on /wp-login.php?action=rp在 /wp-login.php?action=rp 上的新用户注册
/wp-login.php?action=rp
/wp-login.php?action=rp 上的新用户注册
Additional interceptions if WooCommerce is installed:
如果安装了WooCommerce,则还会进行其他拦截:
WC_Form_Handler::process_reset_password< WC_Form_Handler :: process_reset_password < /code> on Home » My account » Lost password/ code>
WC_Form_Handler :: process_reset_password < /code>
/code>
/ code>
WC_Form_Handler::save_account_details< WC_Form_Handler :: save_account_details < /code> on Home » My account » Account details/ code>
WC_Form_Handler :: save_account_details < /code>
WC_Form_Handler::process_registration< WC_Form_Handler :: process_registration < /code> on Home » My account/ code>
WC_Form_Handler :: process_registration < /code>
WC_Checkout::validate_checkout WC_Checkout :: validate_checkout > on Home » Checkout>
WC_Checkout :: validate_checkout >
>
Users aged older than five could learn more from:
五岁以上的用户可以从以下中学到更多信息:
/a>
/ a>
“Pwned Passwords” V2 With Half a Billion Passwords for Download
拥有数十亿密码可供下载的“已拥有密码” V2
li>
Fork the plugin on GitHub.
在 GitHub 上分叉插件。
原文出处:http://www.sanshu.cn/a/11095.html
群主管理都是支付大佬
