Generates a random password drawn from the defined set of characters.
Description
Uses wp_rand() to create passwords with far less predictability than similar native PHP functions like rand()
or mt_rand()
.
Parameters
$length
intoptional- The length of password to generate.
Default:
12
$special_chars
booloptional- Whether to include standard special characters.
Default:
true
$extra_special_chars
booloptional- Whether to include other special characters.
Used when generating secret keys and salts.Default:
false
Source
$password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) );
// Add a prefix to facilitate distinguishing vanilla bcrypt hashes.
return '$wp' . password_hash( $password_to_hash, $algorithm, $options );
}
endif;
if ( ! function_exists( 'wp_check_password' ) ) :
/**
* Checks a plaintext password against a hashed password.
*
* Note that this function may be used to check a value that is not a user password.
* A plugin may use this function to check a password of a different type, and there
* may not always be a user ID associated with the password.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password hashing algorithm.
*
* @since 2.5.0
* @since 6.8.0 Passwords in WordPress are now hashed with bcrypt by default. A
* password that wasn't hashed with bcrypt will be checked with phpass.
*
* @global PasswordHash $wp_hasher phpass object. Used as a fallback for verifying
* passwords that were hashed with phpass.
*
* @param string $password Plaintext password.
* @param string $hash Hash of the password to check against.
Changelog
Version | Description |
---|---|
2.5.0 | Introduced. |
Generate an 8 character password using only letters and numbers:
Generate an 10 character password consisting of letters, numbers, special characters (!@#$%^&*()), and extra special characters (-_ []{}<>~`+=,.;:/?|):
Generate a 12 character password using these characters: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()
You can use the
wp_generate_password()
function to create a unique hash that can be added as a parameter to URLs. This is useful in scenarios such as cache busting (forcing the browser to re-fetch the page instead of using a cached version) or generating unique referral links.Here’s an example of how to implement this:
You can replace
home_url()
with any other URL you want to use as the base.Generate an 10 character password consisting of letters, numbers, special characters (!@#$%^&*()), and extra special characters (-_ []{}~`+=,.;:/?|):