Title: Passwords Evolved
Author: Carl Alexander
Published: March 2, 2018
Last modified: March 23, 2025

---


# Passwords Evolved

 By [Carl Alexander](https://profiles.wordpress.org/carlalexander/)

[Download](https://downloads.wordpress.org/plugin/passwords-evolved.1.4.0.zip)


## Description

**Important Notice:** This plugin is no longer supported on wordpress.org. Please
open issues on [GitHub](https://github.com/carlalexander/passwords-evolved/issues).

The goal of this plugin is to shore up the WordPress authentication using standard
security practice recommendations. At this time, the plugin improves WordPress authentication
by doing the following:

#### Enforcing uncompromised passwords

This plugin prevents someone from using passwords that have appeared in data breaches.
Whenever someone logs into a WordPress site, it’ll verify their password using the
[Have I been pwned? API](https://haveibeenpwned.com/API/v2). If their password appeared
in a data breach, the plugin will prevent them from logging in until they reset 
their password.

By default, this level of enforcement is only done on an account that has the “[administrator](https://codex.wordpress.org/Roles_and_Capabilities#Administrator)”
role. You can change which roles have their passwords enforced from the settings
page. For people that have a role where there’s no password enforcement, the plugin
will show a warning when they log in with a compromised password.

The enforcement of uncompromised passwords also extends to when someone resets or
changes their password. In those situations, using an uncompromised password
is mandatory. Someone will never be able to reset or change their password to one
that’s appeared in a security breach. (As long as the plugin is able to contact
the API.)

#### Using stronger password hashing

The plugin also hashes passwords using either the [bcrypt](https://en.wikipedia.org/wiki/Bcrypt)
or [Argon2](https://en.wikipedia.org/wiki/Argon2) hashing function. These are
the strongest hashing functions available in PHP. Argon2 is available natively starting
with PHP 7.2, but the plugin can also hash passwords on older PHP versions using
the [libsodium](https://libsodium.org) compatibility layer introduced in WordPress
5.2.

You don’t have to do anything to convert your password hash to a stronger hashing
function. The plugin will take care of converting it the next time that you log
in after installing the plugin. If you decide to remove the plugin, your password
will continue working and remain hashed with the stronger function until you reset it.
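The conversion has to happen at login because that is the only moment the site sees the plaintext password. The following added example (not the plugin's code) shows the verify-then-rehash pattern with PHP's native password API; the function names are hypothetical, and a low-cost bcrypt hash stands in for the legacy hash rather than WordPress's own legacy format.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

/** Picks the strongest algorithm this PHP build offers: Argon2id if compiled in, else bcrypt. */
function target_algorithm(): array
{
    if (defined('PASSWORD_ARGON2ID')) {
        return [PASSWORD_ARGON2ID, []];       // library default memory/time costs
    }
    return [PASSWORD_BCRYPT, ['cost' => 12]];
}

/**
 * Verifies a login and, only on success, upgrades the stored hash.
 * Returns [bool $authenticated, string $hashToStore].
 */
function login_and_upgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, $storedHash];           // wrong password: never touch the hash
    }
    [$algo, $options] = target_algorithm();
    if (password_needs_rehash($storedHash, $algo, $options)) {
        $storedHash = password_hash($password, $algo, $options);
    }
    return [true, $storedHash];
}

// Constructed sample: a weak bcrypt hash (cost 4) standing in for a legacy hash.
$legacy = password_hash('constructed-sample-password', PASSWORD_BCRYPT, ['cost' => 4]);

[$ok, $upgraded] = login_and_upgrade('constructed-sample-password', $legacy);
[$bad, $untouched] = login_and_upgrade('wrong-guess', $legacy);

echo 'Before: ', password_get_info($legacy)['algoName'], "\n";
echo 'After:  ', password_get_info($upgraded)['algoName'], "\n";
var_dump($ok, $bad, $untouched === $legacy);
// The upgraded hash stays verifiable with the native API alone.
var_dump(password_verify('constructed-sample-password', $upgraded));
```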

It’s also worth noting that using a stronger hashing function is only important
in the event of a data breach. A stronger password hashing function makes recovering
the passwords from the data breach a lot harder to do. This, combined with the enforcement
of uncompromised passwords, will help ensure that those passwords are never recovered.
(Or at least not without significant effort.)

## FAQ

### Wait so are you sending my password to a 3rd party!?

No, the plugin never sends your full password to a 3rd party for verification. The
plugin only sends the first five characters of the [SHA-1](https://en.wikipedia.org/wiki/Sha1)
hashed password to a 3rd party. The 3rd party then sends back the hashes of all breached
passwords whose hash starts with those five characters.

The plugin then handles the rest of the password validation itself. It compares
the SHA-1 hashed version of your password to the hashes returned by the 3rd party.
We call this process [k-anonymity](https://en.wikipedia.org/wiki/K-anonymity).
(You can read more about validating leaked passwords with it [here](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/).)
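The exchange described above, as an added example that is not the plugin's code: the SHA-1 hash is split into the five-character prefix that leaves the server and the suffix that is compared locally. Function names are hypothetical, and the response body is constructed inline in the `SUFFIX:COUNT` line format of the public Pwned Passwords range endpoint, so the script runs offline.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

/** Returns [prefix sent to the API (5 hex chars), suffix kept local (35 hex chars)]. */
function pwned_split(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/**
 * Searches a range response ("SUFFIX:COUNT" per line) for the local suffix.
 * Returns the breach count, 0 if absent, or null if no response was available.
 */
function pwned_count(?string $rangeBody, string $suffix): ?int
{
    if ($rangeBody === null) {
        return null; // API unreachable: the check cannot be made
    }
    foreach (preg_split('/\r?\n/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) === 2 && hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }
    return 0;
}

/** Constructed stand-in for a range response body (the counts are made up). */
function constructed_range_body(string $breachedPassword): string
{
    [, $suffix] = pwned_split($breachedPassword);
    $decoy = strtoupper(substr(sha1('constructed-decoy'), 5));
    return "$decoy:3\r\n$suffix:1234\r\n";
}

$body = constructed_range_body('password');

[$prefix, $suffix] = pwned_split('password');
echo "Sent to the API: $prefix, kept on the server: $suffix\n";
echo 'Breached password count: ', var_export(pwned_count($body, $suffix), true), "\n";

// A real lookup would fetch the range for this password's own prefix.
[, $other] = pwned_split('constructed-unbreached-passphrase');
echo 'Unbreached password count: ', var_export(pwned_count($body, $other), true), "\n";
echo 'API unreachable: ', var_export(pwned_count(null, $suffix), true), "\n";
```

The `null` return keeps "not found" distinct from "could not check", which is the case the description covers with "as long as the plugin is able to contact the API".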

## Reviews


### [Such a simple, yet brilliant, idea](https://wordpress.org/support/topic/such-a-simple-yet-brilliant-idea/)

 [Austin Ginder](https://profiles.wordpress.org/austinginder/) June 22, 2022

This simple protection check is an absolute must. Every WordPress website can benefit.
Highly recommend that WordPress core adopt this functionality.


### [Great enhancement and well made](https://wordpress.org/support/topic/great-enhancement-and-well-made/)

 [Knut Sparhell](https://profiles.wordpress.org/knutsp/) October 11, 2021

This seems to work very well, at least no issues – immediate or long term. A client
user was very surprised that “WordPress” could know their password was “pwned”, 
but thankful for the reminder. Beware that if you deactivate this plugin, users 
have to reset their passwords. So just keep it – for the enhanced security through
a modern and relatively simple plugin. Should be added to core, IMO.

 [Read all 2 reviews](https://wordpress.org/support/plugin/passwords-evolved/reviews/)

## Contributors & Developers

“Passwords Evolved” is open source software. The following people have contributed to this plugin.

Contributors

 * [Carl Alexander](https://profiles.wordpress.org/carlalexander/)
 * [Celso Bessa](https://profiles.wordpress.org/celsobessa/)
 * [Carsten Bach](https://profiles.wordpress.org/carstenbach/)
 * [riper81](https://profiles.wordpress.org/riper81/)
 * [Cornel Raiu](https://profiles.wordpress.org/cornelraiu-1/)

“Passwords Evolved” has been translated into 4 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/passwords-evolved/contributors)
for their contributions.

[Help translate “Passwords Evolved” into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/passwords-evolved)

### Interested in development?

You can [browse the code](https://plugins.trac.wordpress.org/browser/passwords-evolved/),
check out the [SVN repository](https://plugins.svn.wordpress.org/passwords-evolved/), or subscribe to the
[development log](https://plugins.trac.wordpress.org/log/passwords-evolved/) by [RSS](https://plugins.trac.wordpress.org/log/passwords-evolved/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.4.0

_Released: 2025-03-22_

 * Only define `wp_generate_password` for WordPress 6.8 or higher [carlalexander]
 * Add support for `wp_hash_password_algorithm` hook in WordPress 6.8 [carlalexander]

#### 1.3.4

_Released: 2024-11-27_

 * Update `wp_set_password` function to match current WordPress version [carlalexander]

#### 1.3.3

_Released: 2022-09-25_

 * Use different capabilities for admin pages so that they work when plugins directory
   isn’t writeable [carlalexander]

#### 1.3.2

_Released: 2022-04-19_

 * Add missing echo on `settings_saved` [cornelraiu-1]

#### 1.3.1

_Released: 2022-04-09_

 * Add `es_MX` and `es_CR` translations [riper81]

#### 1.3.0

_Released: 2021-03-21_

 * Remove call to API on every request [carlalexander]
 * Add informal (default) and formal German translations [carstenbach]

#### 1.2.0

_Released: 2020-01-03_

 * Fixed fatal error when installed as a mu-plugin [carlalexander]
 * Added support for libsodium [carlalexander]

#### 1.1.4

_Released: 2019-05-07_

 * Bump minimum PHP version to 5.6 [carlalexander]

#### 1.1.3

_Released: 2018-04-29_

 * Fixed missing `settings_saved` string in English translation [carlalexander]
 * Added missing echo when translating `settings_saved` string [carlalexander]

#### 1.1.2

_Released: 2018-03-21_

 * Added Brazilian Portuguese translation [celsobessa]
 * Reworked how the plugin handles its default translation [carlalexander]

#### 1.1.1

_Released: 2018-03-06_

Improved how the API client and password generator handle whether the API is online
or not.

#### 1.1.0

_Released: 2018-03-01_

Reworked plugin to use the new version of the HIBP API (Have I been pwned? API) 
which supports k-anonymity. This allows the plugin to be used in production now.

#### 1.0.0

_Released: 2017-08-24_

Initial release

## Meta

 * Version **1.4.0**
 * Last updated: **1 year ago**
 * Active installations **1,000+**
 * WordPress version **5.2 or higher**
 * Tested up to **6.8.0**
 * PHP version **5.6 or higher**
 * Languages: [English (US)](https://wordpress.org/plugins/passwords-evolved/), [German](https://de.wordpress.org/plugins/passwords-evolved/),
   [Norwegian (Bokmål)](https://nb.wordpress.org/plugins/passwords-evolved/),
   [Polish](https://pl.wordpress.org/plugins/passwords-evolved/) and [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/passwords-evolved/).
 * [Translate into Simplified Chinese](https://translate.wordpress.org/projects/wp-plugins/passwords-evolved)
 * Tags: [authentication](https://cn.wordpress.org/plugins/tags/authentication/), [have-i-been-pwned](https://cn.wordpress.org/plugins/tags/have-i-been-pwned/),
   [password](https://cn.wordpress.org/plugins/tags/password/), [security](https://cn.wordpress.org/plugins/tags/security/)
 * [Advanced View](https://cn.wordpress.org/plugins/passwords-evolved/advanced/)

## Ratings

 5 out of 5 stars.

 * [2 5-star reviews](https://wordpress.org/support/plugin/passwords-evolved/reviews/?filter=5)
 * [0 4-star reviews](https://wordpress.org/support/plugin/passwords-evolved/reviews/?filter=4)
 * [0 3-star reviews](https://wordpress.org/support/plugin/passwords-evolved/reviews/?filter=3)
 * [0 2-star reviews](https://wordpress.org/support/plugin/passwords-evolved/reviews/?filter=2)
 * [0 1-star reviews](https://wordpress.org/support/plugin/passwords-evolved/reviews/?filter=1)

