In reply to Ross Wintle

@magicroundabout @AlexStandiford @schlessera @WPAleks @haveibeenpwned So WP-CLI would need your plain text password inorder to get the SHA-1 hash to accurately compare it against the pwned password API. Just taking it out of the database (and WordPress has no idea what your plain text password is) is useless since the hash will be different

Russell Heimlich

@kingkool68

WordPress developer at @CoderPad. Formerly of @nclud @spiritedmediaco, @pewresearch, @usnews. I made dummyimage.com and married @naudebynature.

Washington, D.C.
russellheimlich.com/blog
twitter.com/kingkool68
Joined December 13, 2006