What type of hash does WordPress use for passwords?

W

If you look in to your WordPress database, you absolutely do not know what type of hash does WordPress use. You can find in users table passwords like this $P$BSs8sw1A8XAYtypu9qlldf0bviemIu1. As you see, this is not typical MD5 hash.

We have a word: wordpress
In MD5 hash: 1870a829d9bc69abf500eca6f00241fe
In WordPress hash: $P$BXb4SCf11vB9pPFJFbkDLzDqVq89ra/

The WordPress password hasher implements the Portable PHP password hashing framework. WordPress used MD5 in the older versions.

You can generate hashes using WordPress encryption scheme at WordPress password hasher: http://scriptserver.mainframe8.com/wordpress_password_hasher.php.

WordPress has the password encryption library located in /wp-includes/class-phpass.php. It is the Portable PHP Password hashing framework.

How to hash password by WordPress hash?

function wordpress_hash_password( $password ) {
 require_once( '/path/to/wp-includes/class-phpass.php' );
 $wp_hasher = new PasswordHash( 8, TRUE );
 $hashed_password = $wp_hasher->HashPassword( $password );
 return $hashed_password;
}

Add comment

Recent Posts

Categories

Recent Comments

Archives

Tag Cloud