WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_hash()

wp_hash( string $data, string $scheme = 'auth', string $algo = 'md5' ): string

In this article

Back to top

Gets the hash of the given string.

Description

The default algorithm is md5 but can be changed to any algorithm supported by hash_hmac(). Use the hash_hmac_algos() function to check the supported algorithms.

Parameters

$datastringrequired
Plain text to hash.
$schemestringoptional
Authentication scheme (auth, secure_auth, logged_in, nonce).

Default:'auth'

$algostringoptional
Hashing algorithm to use. Default: 'md5'.

Default:'md5'

Return

string Hash of $data.

More Information

Usage:
wp_hash( $data, $scheme );
Notes:
  • This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.
  • Uses: wp_salt() Get WordPress salt.

Source

function wp_hash( $data, $scheme = 'auth', $algo = 'md5' ) {
	$salt = wp_salt( $scheme );

	// Ensure the algorithm is supported by the hash_hmac function.
	if ( ! in_array( $algo, hash_hmac_algos(), true ) ) {
		throw new InvalidArgumentException(
			sprintf(
				/* translators: 1: Name of a cryptographic hash algorithm. 2: List of supported algorithms. */
				__( 'Unsupported hashing algorithm: %1$s. Supported algorithms are: %2$s' ),
				$algo,
				implode( ', ', hash_hmac_algos() )
			)
		);
	}

	return hash_hmac( $algo, $data, $salt );
}

View all references View on Trac View on GitHub

UsesDescription
wp_salt()wp-includes/pluggable.php

Returns a salt to add to hashes.

Used byDescription
WP_REST_Widgets_Controller::prepare_item_for_response()wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php

Prepares the widget for the REST response.

WP_REST_Widgets_Controller::save_widget()wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php

Saves the widget in the request object.

WP_REST_Widget_Types_Controller::encode_form_data()wp-includes/rest-api/endpoints/class-wp-rest-widget-types-controller.php

An RPC-style endpoint which can be used by clients to turn user input in a widget admin form into an encoded instance object.

wp_get_unapproved_comment_author_email()wp-includes/comment.php

Gets unapproved comment author’s email.

WP_Customize_Nav_Menus::hash_nav_menu_args()wp-includes/class-wp-customize-nav-menus.php

Hashes (hmac) the nav menu arguments to ensure they are not tampered with when submitted in the Ajax request.

wp_verify_nonce()wp-includes/pluggable.php

Verifies that a correct security nonce was used with time limit.

wp_create_nonce()wp-includes/pluggable.php

Creates a cryptographic token tied to a specific action, user, user session, and window of time.

wp_validate_auth_cookie()wp-includes/pluggable.php

Validates authentication cookie.

wp_generate_auth_cookie()wp-includes/pluggable.php

Generates authentication cookie contents.

WP_Customize_Widgets::get_instance_hash_key()wp-includes/class-wp-customize-widgets.php

Retrieves MAC for a serialized widget instance string.

Show 5 moreShow less

Changelog

VersionDescription
6.8.0The $algo parameter was added.
2.0.3Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.