11 votes

AttackMonkey Security Helper

Update: this package DOES NOT work with 4.10+. Something was changed in the edit user page that has broken this package. I'm currently looking into this, and hope to have it fixed soon.

Update: 1.1 released, minor update to fix minor bug in the way the RegEx was interpreted by IE6/7 which meant the rules weren't enforced properly. Have also added some CSS to make the error message stand out more.

This is simple package that improves the security of the users section. By default there is no password strength validation on the users edit page, other than requiring that something be entered. This means it is possible for users to have single letter passwords, or easily guessed password like "dog".

This package adds a regexp validator to the password field of the password editor that enforces a basic minimum password strength. Currently this is set to enforce the following rules:

  • password must be at least 8 characters long
  • password must contain at least 1 upper case character
  • password must contain at least 1 lower case character
  • password must contain at least 1 number

This allows you to make sure that no easily hackable passwords are set up.

I intend to update this package with a few more security things in the future, such as the option to add a captcha to the cms login to stop dictionary attacks. All feedback/suggestions appreciated, don't forget to vote up if you like it!

Package owner



Tim has 2675 karma points

Package Compatibility

This package is compatible with the following versions as reported by community members who have downloaded this package:
Untested or doesn't work on Umbraco Cloud
Version 8.18.x (untested)

You must login before you can report on package compatibility.

Previously reported to work on versions:

Package Information

  • Package owner: Tim
  • Created: 02/09/2010
  • Current version 1.1
  • License MIT
  • Downloads on Our: 1.9K