WordFence Rejects Leaked Passwords

Example of WordFence Insecure Password error screen
Click to enlarge

Our hosted WordPress sites using the WordFence plugin have now been updated with a new feature that detects when an email address logs in with credentials that have been previously discovered to be compromised in known password leaks from various sources. This feature increases protection since it stops a malicious third-party from using the leaked credentials to log in as you. If you see the INSECURE PASSWORD error when logging in, click the link to “reset your password” via email. After that, if you need additional help, please contact web services.