[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBheZamLh6p1Gx6o89-lSwpPTIMHiGdePZiy7hQIqgk4":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"itinerisltd","Itineris Limited","https:\u002F\u002Fprofiles.wordpress.org\u002Fitinerisltd\u002F",2,10,85,30,84,"2026-05-20T08:03:13.481Z",[14,37],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":21,"num_ratings":7,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":32,"download_link":33,"security_score":9,"vuln_count":34,"unpatched_count":34,"last_vuln_date":35,"fetched_at":36},"disallow-pwned-passwords","Disallow Pwned Password","0.3.2","\u003Cp>Disallow WordPress and WooCommerce users using pwned passwords.\u003C\u002Fp>\n\u003Ch3>Goal\u003C\u002Fh3>\n\u003Cp>Spoiler Alert: \u003Cstrong>User passwords never leave your server, not even in hashed form\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Although reusing passwords is solely users’ fault but when evil attackers brute forced users’ passwords, and stole all their personal information or spent users’ hard earn money through your site. \u003Cstrong>Those lazy users blame you\u003C\u002Fstrong>, the site owner\u002Fdeveloper.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example,…\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passwords obtained from previous breach corpuses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>— \u003Ca href=\"https:\u002F\u002Fpages.nist.gov\u002F800-63-3\u002Fsp800-63b.html\" rel=\"nofollow ugc\">NIST Digital Identity Guidelines\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin’s solely purpose is to \u003Cstrong>disallow WordPress and WooCommerce users reusing passwords listed in \u003Ca href=\"https:\u002F\u002Fhaveibeenpwned.com\u002F\" rel=\"nofollow ugc\">Have I Been Pwned\u003C\u002Fa> database\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Activate and forget.\u003C\u002Fp>\n\u003Cp>This plugin intercepts when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>creating new users on \u003Ccode>\u002Fwp-admin\u002Fuser-new.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>changing other users’ passwords on \u003Ccode>\u002Fwp-admin\u002Fuser-edit.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>changing your password on \u003Ccode>\u002Fwp-admin\u002Fprofile.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>new user registration on \u003Ccode>\u002Fwp-login.php?action=rp\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional interceptions if WooCommerce is installed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce\u002Fblob\u002Fmaster\u002Fincludes\u002Fclass-wc-form-handler.php\" rel=\"nofollow ugc\">\u003Ccode>WC_Form_Handler::process_reset_password\u003C\u002Fcode>\u003C\u002Fa> on Home » My account » Lost password\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce\u002Fblob\u002Fmaster\u002Fincludes\u002Fclass-wc-form-handler.php\" rel=\"nofollow ugc\">\u003Ccode>WC_Form_Handler::save_account_details\u003C\u002Fcode>\u003C\u002Fa> on Home » My account » Account details\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce\u002Fblob\u002Fmaster\u002Fincludes\u002Fclass-wc-form-handler.php\" rel=\"nofollow ugc\">\u003Ccode>WC_Form_Handler::process_registration\u003C\u002Fcode>\u003C\u002Fa> on Home » My account\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce\u002Fblob\u002Fmaster\u002Fincludes\u002Fclass-wc-checkout.php\" rel=\"nofollow ugc\">\u003Ccode>WC_Checkout::validate_checkout\u003C\u002Fcode>\u003C\u002Fa> on Home » Checkout\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Explain It Like I’m Five\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.troyhunt.com\" rel=\"nofollow ugc\">Troy Hunt\u003C\u002Fa>, a well-kown security expert, collected 6,493,641,194 (and counting) pwned passwords from previous security breaches\u003C\u002Fli>\n\u003Cli>Pwned passwords stored as SHA-1 hashes on haveibeenpwned.com\u003C\u002Fli>\n\u003Cli>Whenever WordPress \u002F WooCommerce users attempt to change their passwords, this plugin hashes the user password\u003C\u002Fli>\n\u003Cli>Take the first 5 characters from the hash\u003C\u002Fli>\n\u003Cli>Ask haveibeenpwned.com for all pwned passwords with the same first 5 hash characters\u003C\u002Fli>\n\u003Cli>Check how many times the user password appears on the have I been pwned database\u003C\u002Fli>\n\u003Cli>Disallow the password change if it has been pwned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Users aged older than five could learn more from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhaveibeenpwned.com\u002FFAQs\" rel=\"nofollow ugc\">Have I Been Pwned’s FAQs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.troyhunt.com\u002Fintroducing-306-million-freely-downloadable-pwned-passwords\u002F\" rel=\"nofollow ugc\">Why SHA-1 was chosen in the Pwned Passwords\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.troyhunt.com\u002Five-just-launched-pwned-passwords-version-2\u002F#cloudflareprivacyandkanonymity\" rel=\"nofollow ugc\">I’ve [Troy Hunt] Just Launched “Pwned Passwords” V2 With Half a Billion Passwords for Download\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Fvalidating-leaked-passwords-with-k-anonymity\u002F\" rel=\"nofollow ugc\">Validating Leaked Passwords with k-Anonymity\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For Developers\u003C\u002Fh3>\n\u003Cp>Fork the plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FItinerisLtd\u002Fdisallow-pwned-passwords\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Disallow WordPress and WooCommerce users using pwned passwords.",1896,100,"2019-02-19T17:41:00.000Z","5.0.25","4.9.8","7.0",[27,28,29,30,31],"authentication","have-i-been-pwned","hibp","password","security","https:\u002F\u002Fgithub.com\u002FItinerisLtd\u002Fdisallow-pwned-passwords","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisallow-pwned-passwords.0.3.2.zip",0,null,"2026-04-16T10:56:18.058Z",{"slug":38,"name":39,"version":40,"author":5,"author_profile":6,"description":41,"short_description":42,"active_installs":34,"downloaded":43,"rating":34,"num_ratings":34,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":54,"download_link":55,"security_score":9,"vuln_count":34,"unpatched_count":34,"last_vuln_date":35,"fetched_at":56},"gf-loqate-bank-verification","GF Loqate Bank Verification","0.5.0","\u003Ch3>Goal\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FItinerisLtd\u002Fgf-loqate-bank-verification\" rel=\"nofollow ugc\">GF Loqate Bank Verification\u003C\u002Fa> verifies \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa> bank details with \u003Ca href=\"https:\u002F\u002Fwww.loqate.com\u002Fresources\u002Fsupport\u002Fapis\u002FBankAccountValidation\u002FInteractive\u002FValidate\u002F2\u002F\" rel=\"nofollow ugc\">Loqate bank verification API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>It validates the bank details (branch sort codes and bank account numbers):\u003Cbr \u002F>\n– indicates whether the account number and sort code are valid\u003Cbr \u002F>\n– indicates whether the account can accept direct debits. Certain accounts (e.g. savings) will not accept direct debits\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Get your service key from Loqate\n\u003Col>\n\u003Cli>Register an \u003Ca href=\"https:\u002F\u002Fwww.loqate.com\" rel=\"nofollow ugc\">Loqate\u003C\u002Fa> account\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Bank Verification\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Get the \u003Cstrong>Service key\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Plugin Setting\n\u003Col>\n\u003Cli>Head to \u003Cstrong>Form\u003C\u002Fstrong> » \u003Cstrong>Settings\u003C\u002Fstrong> » \u003Cstrong>Bank Verification\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enter your Loqate bank verification \u003Cstrong>service key\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>A green check appears if the service key is valid\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Form Fields Setting\n\u003Col>\n\u003Cli>Add 2 \u003Cstrong>Single Line Text\u003C\u002Fstrong> fields\n\u003Cul>\n\u003Cli>Sort Code\u003C\u002Fli>\n\u003Cli>Account Number\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Mark both fields \u003Cstrong>required\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set their \u003Cstrong>Custom CSS Class\u003C\u002Fstrong> to:\n\u003Cul>\n\u003Cli>\u003Ccode>gflbv-sort-code-is-correct\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>gflbv-account-number-is-correct\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Developers\u003C\u002Fh3>\n\u003Cp>Fork the plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FItinerisLtd\u002Fgf-loqate-bank-verification\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Verify Gravity Forms bank details with Loqate bank verification API.",1060,"2019-10-24T14:20:00.000Z","5.3.21","4.9.10","7.2",[49,50,51,52,53],"bank-verification","direct-debit","gravity-forms","gravityforms","loqate","https:\u002F\u002Fgithub.com\u002FItinerisLtd\u002Fgf-loqate-bank-verification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgf-loqate-bank-verification.0.5.0.zip","2026-03-15T15:16:48.613Z"]