diff --git a/packages/better-auth/src/plugins/haveibeenpwned/index.ts b/packages/better-auth/src/plugins/haveibeenpwned/index.ts
index fe3de044e5..bc2a237df0 100644
--- a/packages/better-auth/src/plugins/haveibeenpwned/index.ts
+++ b/packages/better-auth/src/plugins/haveibeenpwned/index.ts
@@ -29,6 +29,7 @@ async function checkPasswordCompromise(
 					"Add-Padding": "true",
 					"User-Agent": "BetterAuth Password Checker",
 				},
+				timeout: 5000, // 5s timeout
 			},
 		);
 
@@ -81,15 +82,19 @@ export const haveIBeenPwned = (options?: HaveIBeenPwnedOptions | undefined) => {
 					password: {
 						...ctx.password,
 						async hash(password) {
-							const c = await getCurrentAuthContext();
-							if (!c.path || !paths.includes(c.path)) {
+							try {
+								const c = await getCurrentAuthContext();
+								if (!c.path || !paths.includes(c.path)) {
+									return ctx.password.hash(password);
+								}
+								await checkPasswordCompromise(
+									password,
+									options?.customPasswordCompromisedMessage,
+								);
+								return ctx.password.hash(password);
+							} catch (e) {
 								return ctx.password.hash(password);
 							}
-							await checkPasswordCompromise(
-								password,
-								options?.customPasswordCompromisedMessage,
-							);
-							return ctx.password.hash(password);
 						},
 					},
 				},