Announcing a Free Wordpress Plugin to Protect Your User Passwords

Announcing a Free Wordpress Plugin to Protect Your User Passwords

Rebecca Yarbrough — April 11th, 2019

The Virgil Security “Pure” WordPress Plugin is a free tool that protects Wordpress user passwords from data breaches and both online and offline attacks, and renders stolen passwords useless if your database is compromised, based on the technology found in the PureKit framework.

Wordpress powers 30% of the top ten million of the world’s websites1. It’s far and away the most popular and widely used blogging and CMS platform, and such popularity attracts attention from hackers looking to exploit weaknesses in those Wordpress sites.

Wordpress itself offers hashing and salting for passwords, but despite this passwords are the second most common way that Wordpress sites are breached.

Unfortunately, most of the other advice and Wordpress plugins to address this vulnerability focus on attempting to change end-user behavior by requiring stronger passwords and other methods that just slow down hackers without stopping them. Salted and hashed passwords are still vulnerable to brute force attacks; it just takes a little more time and money. For e-commerce, healthcare, financial services and other sites with valuable data, that extra computing power is worth it.

It’s been shown that users are not going to stop reusing passwords or choosing commonly used passwords. So instead of entrusting your site’s security, your reputation, and your company’s financial future to your users, it makes more sense to fix the problem on the development side.

The Virgil Pure Wordpress Plugin is based on the Virgil PureKit but is customized for Wordpress users, and it’s completely free. Instead of storing user passwords (even hashed and salted) in the database, they are instead replaced with a cryptographic value that can only unlock the user account when the original password is typed in. So your database will have no knowledge of your users' passwords, which protects you and them. And even if your database is breached, users will not need to change their original passwords.

Get started here and follow the simple instructions to protect your user passwords in your database.

Not a PHP developer building on Wordpress? Looking for records protection for healthcare, financial or any other sensitive data in your database? PureKit might be a better fit for you. Learn more here.

Virgil Security, Inc. builds developer toolkits that solve business problems by encrypting data and therefore lessening legal and compliance liability. Teams can secure their application data with end-to-end encryption, manage devices across a network, and secure passwords and PII in the database using Virgil’s suite of open source SDKs. To learn more, visit