
derhansen/pwd\_security\_check
==============================

TYPO3 Extension with a Symfony Console Command to check TYPO3 Backend and Frontend user passwords against a list of popular passwords.

Version 5.0.0 (1y ago). [1 issues](https://github.com/derhansen/pwd_security_check/issues). License: GPL-2.0-or-later. Language: PHP.


[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://camo.githubusercontent.com/39c688bf243eeb6d3bfc529dcf3cb27443613deb696c8fa9f49bccf1e63e3bef/68747470733a2f2f7777772e7265706f7374617475732e6f72672f6261646765732f6c61746573742f6163746976652e737667)](https://www.repostatus.org/#active)

Password Security Check for TYPO3
=================================


What is it?
-----------

TYPO3 does not allow defining password complexity rules for Backend and Frontend users out of the box, so some users may choose very weak passwords for their accounts. This is especially dangerous for TYPO3 Backend Admin accounts, because weak passwords make it easier for attackers using brute-force techniques to gain access to the TYPO3 backend.

This extension helps you get an overview of, or get notified about, TYPO3 Backend or Frontend users who use a password found in a given list of popular passwords. The extension ships with a list of the 10.000 most popular passwords, but you can also use your own list (e.g. a list of top passwords in the local language).

Screenshots
-----------


### Console Command


[![Console Command](/Documentation/Images/command.gif)](/Documentation/Images/command.gif)

### TYPO3 Report


[![Report](/Documentation/Images/report.png)](/Documentation/Images/report.png)

Installation
------------


### Installation using Composer

The recommended way to install the extension is by using [Composer](https://getcomposer.org/). In your Composer-based TYPO3 project root, run `composer require derhansen/pwd_security_check`.

### Installation as extension from TYPO3 Extension Repository (TER)


Download and install the extension with the TYPO3 extension manager module.

Usage
-----

Please note that the check can take a long time to finish. This depends primarily on the number of users and the number of passwords to check.

### CLI Arguments and Options


Command: `./vendor/bin/typo3 pwd_security_check:process`

Get Help: `./vendor/bin/typo3 help pwd_security_check:process`

Command arguments:

- `mode` Mode (0 = Backend Admin Users, 1 = Backend Users, 2 = Frontend Users)
- `recipients` E-Mail addresses to receive notification separated by space.

Command options:

- `-a` Amount of passwords to check from passwords file. Warning: Higher value = longer check. \[default: 100\]
- `-f` Absolute path to password file (EXT: notation allowed) \[default: "EXT:pwd\_security\_check/Resources/Private/Text/popular\_passwords.txt"\]
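
The following PHP example is added here for illustration and is not the extension's own code. It shows the kind of check described above: each stored hash is verified against the first N entries of a popular-password list, only the account name is reported, and the number of slow hash verifications grows with users times passwords. It assumes hashes that PHP's `password_verify()` can check; the function name, sample users and candidate list are constructed for this example.

```php
<?php
declare(strict_types=1);

/**
 * Return the names of users whose stored hash matches one of the first
 * $amount candidate passwords. The matching password is never returned.
 *
 * @param array<string,string> $userHashes username => password hash
 * @param string[]             $candidates popular passwords, most common first
 * @return string[]
 */
function findUsersWithPopularPasswords(array $userHashes, array $candidates, int $amount = 100): array
{
    $flagged = [];
    $candidates = array_slice($candidates, 0, $amount);
    foreach ($userHashes as $username => $hash) {
        foreach ($candidates as $candidate) {
            // One deliberately slow hash computation per user/password pair.
            if (password_verify($candidate, $hash)) {
                $flagged[] = $username;
                break; // one match is enough, stop checking this user
            }
        }
    }
    return $flagged;
}

// Constructed sample data: not real accounts and not the extension's list.
$candidates = ['123456', 'password', 'qwerty', 'letmein'];
$userHashes = [
    'admin'  => password_hash('qwerty', PASSWORD_BCRYPT),
    'editor' => password_hash('k3!Zr9#vTq_unlisted', PASSWORD_BCRYPT),
];

$amount = 3;
$start = microtime(true);
$flagged = findUsersWithPopularPasswords($userHashes, $candidates, $amount);
$elapsed = microtime(true) - $start;

// Worst case is count(users) * amount verifications.
printf("Flagged users: %s\n", implode(', ', $flagged) ?: 'none');
printf("Up to %d verifications took %.2fs\n", count($userHashes) * $amount, $elapsed);
```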

### TYPO3 Scheduler Support

The Symfony Command can also be executed using the TYPO3 scheduler. Note that arguments can only be configured in TYPO3 9.5 and that options are currently not configurable using the TYPO3 scheduler.

FAQ
---

**Is this a hacker tool?**

No, at least it is not meant to be one. Therefore, matched passwords are not displayed. Also, it is not very worthwhile to use this tool to try to brute-force a TYPO3 account password, as it does not support parallel checks and the task may take hours/days/weeks/years.

Feedback and updates
--------------------

The extension is hosted on GitHub. Please report feedback, bugs and change requests directly at [https://github.com/derhansen/pwd\_security\_check](https://github.com/derhansen/pwd_security_check)

Reporting a Vulnerability
-------------------------


Please report vulnerabilities to .

Credits
-------


### Password file


The included file with top 10.000 popular passwords has been downloaded from

### Health Score

44 (Fair), better than 92% of packages

- Maintenance: 54 (moderate activity, may be stable)
- Popularity: 31 (limited adoption so far)
- Community: 11 (small or concentrated contributor base)
- Maturity: 66 (established project with proven stability)
- Bus Factor: 1 (top contributor holds 96.7% of commits, a single point of failure)


### Release Activity

- Cadence: every ~189 days (recently: every ~216 days)
- Total: 12
- Last Release: 457d ago

Major Versions:

- 1.0.0 → 2.0.0: 2020-02-15
- 2.x-dev → 3.0.0: 2021-05-30
- 3.0.3 → 4.0.0: 2023-05-15
- 4.x-dev → 5.0.0: 2025-02-15

PHP version history (3 changes):

- 1.0.0: PHP ^7.0
- 2.0.0: PHP ^7.2
- 3.0.0: PHP ^7.4

### Community

Maintainers: [derhansen](/maintainers/derhansen)

Top Contributors: [derhansen](https://github.com/derhansen) (29 commits), [georgringer](https://github.com/georgringer) (1 commits)

Tags: TYPO3 CMS, password security, popular passwords

