wp_generate_password( int $length = 12, bool $special_chars = true, bool $extra_special_chars = false ): string

Generates a random password drawn from the defined set of characters.

Contents

Description

Uses wp_rand() to create passwords with far less predictability than similar native PHP functions like rand() or mt_rand().

Top ↑

Parameters

$length int Optional
The length of password to generate.

Default: 12

$special_chars bool Optional
Whether to include standard special characters.

Default: true

$extra_special_chars bool Optional
Whether to include other special characters.
Used when generating secret keys and salts.

Default: false

Top ↑

Return

string The random password.

Top ↑

More Information

This function executes the random_password filter after generating the password.

Normal characters: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789

Special characters: !@#$%^&*()

Extra special characters: -_ []{}<>~`+=,.;:/?|

Top ↑

Source

File: wp-includes/pluggable.php. View all references 

function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
	$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
	if ( $special_chars ) {
		$chars .= '!@#$%^&*()';
	}
	if ( $extra_special_chars ) {
		$chars .= '-_ []{}<>~`+=,.;:/?|';
	}

	$password = '';
	for ( $i = 0; $i < $length; $i++ ) {
		$password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 );
	}

	/**
	 * Filters the randomly-generated password.
	 *
	 * @since 3.0.0
	 * @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters.
	 *
	 * @param string $password            The generated password.
	 * @param int    $length              The length of password to generate.
	 * @param bool   $special_chars       Whether to include standard special characters.
	 * @param bool   $extra_special_chars Whether to include other special characters.
	 */
	return apply_filters( 'random_password', $password, $length, $special_chars, $extra_special_chars );
}

View on Trac View on GitHub

Top ↑

Hooks

Top ↑

Top ↑

Uses

Uses
Uses Description
wp_rand() wp-includes/pluggable.php

Generates a random non-negative number.
apply_filters() wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Top ↑

Used By

Used By
Used By Description
wp_generate_block_templates_export_file() wp-includes/block-template-utils.php

Creates an export of the current templates and template parts from the site editor at the specified path in a ZIP file.
wp_ajax_nopriv_generate_password() wp-admin/includes/ajax-actions.php

Handles generating a password in the no-privilege context via AJAX.
WP_Application_Passwords::create_new_application_password() wp-includes/class-wp-application-passwords.php

Creates a new application password.
WP_Recovery_Mode_Key_Service::generate_recovery_mode_token() wp-includes/class-wp-recovery-mode-key-service.php

Creates a recovery mode token.
WP_Recovery_Mode_Key_Service::generate_and_store_recovery_mode_key() wp-includes/class-wp-recovery-mode-key-service.php

Creates a recovery mode key.
WP_Recovery_Mode_Cookie_Service::generate_cookie() wp-includes/class-wp-recovery-mode-cookie-service.php

Generates the recovery mode cookie value.
WP_Recovery_Mode_Cookie_Service::recovery_mode_hash() wp-includes/class-wp-recovery-mode-cookie-service.php

Gets a form of wp_hash() specific to Recovery Mode.
wp_generate_user_request_key() wp-includes/user.php

Returns a confirmation key for a user action and stores the hashed version for future comparison.
wp_privacy_generate_personal_data_export_file() wp-admin/includes/privacy-tools.php

Generate the personal data export file.
wp_filter_oembed_result() wp-includes/embed.php

Filters the given oEmbed HTML.
get_post_embed_html() wp-includes/embed.php

Retrieves the embed code for a specific post.
get_password_reset_key() wp-includes/user.php

Creates, stores, then returns a password reset key for user.
wp_ajax_generate_password() wp-admin/includes/ajax-actions.php

Handles generating a password via AJAX.
WP_Session_Tokens::create() wp-includes/class-wp-session-tokens.php

Generates a session token and attaches session information to it.
network_step2() wp-admin/includes/network.php

Prints step 2 for Network installation process.
display_setup_form() wp-admin/install.php

Displays installer setup form.
wp_install() wp-admin/includes/upgrade.php

Installs the site.
wp_tempnam() wp-admin/includes/file.php

Returns a filename of a temporary unique file.
wp_salt() wp-includes/pluggable.php

Returns a salt to add to hashes.
register_new_user() wp-includes/user.php

Handles registering a new user.
wpmu_activate_signup() wp-includes/ms-functions.php

Activates a signup.
generate_random_password() wp-includes/ms-deprecated.php

Generates a random password.
Show 17 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
2.5.0 Introduced.

Top ↑

User Contributed Notes

  4. Skip to note 4 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Ivijan-Stefan Stipic

    You can use the wp_generate_password() function to create a unique hash that can be added as a parameter to URLs. This is useful in scenarios such as cache busting (forcing the browser to re-fetch the page instead of using a cached version) or generating unique referral links.

    Here’s an example of how to implement this:

    $url = home_url( '/some-location' ); // Get some URL of your WordPress site
$url = add_query_arg( array(
    '_some_param' => wp_generate_password( 32, false, false ) // Generate a unique hash
), $url );

wp_safe_redirect( $url ); // Safely redirect to the new URL

    You can replace home_url() with any other URL you want to use as the base.

You must log in before being able to contribute a note or feedback.