wp_hash_password( string $password ): string

Creates a hash (encrypt) of a plain text password.

Contents

Description

For integration with other applications, this function can be overwritten to instead use the other package password checking algorithm.

Top ↑

Parameters

$password string Required
Plain text user password to hash.

Top ↑

Return

string The hash string of the password.

Top ↑

More Information

This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 2**8 = 256 passes of MD5. MD5 is used by default because it’s supported on all platforms. You can configure PasswordHash to use Blowfish or extended DES (if available) instead of MD5 with the $portable_hashes constructor argument or property (see examples).

Top ↑

Source

File: wp-includes/pluggable.php. View all references 

function wp_hash_password( $password ) {
	global $wp_hasher;

	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		// By default, use the portable hash from phpass.
		$wp_hasher = new PasswordHash( 8, true );
	}

	return $wp_hasher->HashPassword( trim( $password ) );
}

View on Trac View on GitHub

Top ↑

Top ↑

Used By

Used By
Used By Description
WP_Application_Passwords::create_new_application_password() wp-includes/class-wp-application-passwords.php

Creates a new application password.
wp_set_password() wp-includes/pluggable.php

Updates the user’s password with a new encrypted one.
wp_check_password() wp-includes/pluggable.php

Checks the plaintext password against the encrypted Password.
wp_update_user() wp-includes/user.php

Updates a user in the database.
wp_insert_user() wp-includes/user.php

Inserts a user into the database.

Top ↑

Changelog

Changelog
Version Description
2.5.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Compare an already hashed password with its plain-text string:

    <?php
$wp_hasher = new PasswordHash(8, TRUE);

$password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password = 'test';

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}
?>

You must log in before being able to contribute a note or feedback.