wp_hash_password( string $password )
Create a hash (encrypt) of a plain text password.
Contents
Description
For integration with other applications, this function can be overwritten to instead use the other package password checking algorithm.
Parameters
- $password
-
(string) (Required) Plain text user password to hash
Return
(string) The hash string of the password
More Information
This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.
Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 2**8 = 256 passes of MD5. MD5 is used by default because it’s supported on all platforms. You can configure PasswordHash to use Blowfish or extended DES (if available) instead of MD5 with the $portable_hashes constructor argument or property (see examples).
Source
File: wp-includes/pluggable.php
function wp_hash_password( $password ) {
global $wp_hasher;
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
// By default, use the portable hash from phpass.
$wp_hasher = new PasswordHash( 8, true );
}
return $wp_hasher->HashPassword( trim( $password ) );
}
Expand full source code Collapse full source code View on Trac View on GitHub
Changelog
| Version | Description |
|---|---|
| 2.5.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.
Compare an already hashed password with its plain-text string:
<?php $wp_hasher = new PasswordHash(8, TRUE); $password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/'; $plain_password = 'test'; if($wp_hasher->CheckPassword($plain_password, $password_hashed)) { echo "YES, Matched"; } else { echo "No, Wrong Password"; } ?>Expand full source codeCollapse full source code
Use Blowfish or extended DES (if available) instead of MD5 to hash the password with 16 rounds of hashing: