PHPackages luketowers/oc-pwnedpasswords-plugin - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. luketowers/oc-pwnedpasswords-plugin Abandoned → [winter/wn-pwnedpasswords-plugin](/?search=winter%2Fwn-pwnedpasswords-plugin)Winter-plugin[Validation & Sanitization](/categories/validation) luketowers/oc-pwnedpasswords-plugin =================================== Adds the notpwned validation rule to check passwords against the HIBP Pwned Passwords service 55864[1 issues](https://github.com/wintercms/wn-pwnedpasswords-plugin/issues)[1 PRs](https://github.com/wintercms/wn-pwnedpasswords-plugin/pulls)PHP Since Mar 23Pushed 4y ago4 watchersCompare [ Source](https://github.com/wintercms/wn-pwnedpasswords-plugin)[ Packagist](https://packagist.org/packages/luketowers/oc-pwnedpasswords-plugin)[ RSS](/packages/luketowers-oc-pwnedpasswords-plugin/feed)WikiDiscussions main Synced 4d ago READMEChangelogDependenciesVersions (2)Used By (0) About ===== [](#about) Adds the `notpwned:min` validation rule to check values against the [HaveIBeenPwned Pwned Passwords](https://haveibeenpwned.com/Passwords) service using the ranged search (k-anonymity) feature for privacy & security. If a value has been pwned more than `:min` (1 by default) times, then the provided value will fail validation. Installation ============ [](#installation) To install from the [Marketplace](https://wintercms.com/plugin/winter-pwnedpasswords), click on the "Add to Project" button and then select the project you wish to add it to before updating the project to pull in the plugin. To install from the backend, go to **Settings -> Updates & Plugins -> Install Plugins** and then search for `Winter.PwnedPasswords`. To install from [the repository](https://github.com/wintercms/wn-pwnedpasswords-plugin), clone it into **plugins/winter/pwnedpasswords** and then run `composer update` from your project root in order to pull in the dependencies. To install it with Composer, run `composer require winter/wn-pwnedpasswords-plugin` from your project root. Documentation ============= [](#documentation) Limiting by the number of times the password was pwned ------------------------------------------------------ [](#limiting-by-the-number-of-times-the-password-was-pwned) You can limit rejected passwords to those that have been pwned a minimum number of times. For example, `password` has been pwned 3,303,003 times, however `P@ssword!` has only been pwned 118 times. If we wanted to block `password` but not `P@ssword!`, we can specify the minimum number as 150 like this: ``` 'password' => 'required|string|min:6|notpwned:150|confirmed', ``` Enforce this rule on Backend authentication ------------------------------------------- [](#enforce-this-rule-on-backend-authentication) To enforce this rule on the Backend authentication system, create a file at `config/winter/pwnedpasswords/config.php` and put the following in it: ```