Title: wp_verify_fast_hash Published: April 28, 2025 Last modified: May 20, 2026 --- # wp_verify_fast_hash( string $message, string $hash ): bool ## In this article * [Description](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#description) * [Parameters](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#source) * [Related](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#wp--skip-link--target) Checks whether a plaintext message matches the hashed value. Used to verify values hashed via [wp_fast_hash()](https://developer.wordpress.org/reference/functions/wp_fast_hash/). ## 󠀁[Description](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#description)󠁿 The function uses Sodium to hash the message and compare it to the hashed value. If the hash is not a generic hash, the hash is treated as a phpass portable hash in order to provide backward compatibility for passwords and security keys which were hashed using phpass prior to WordPress 6.8.0. ## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#parameters)󠁿 `$message`stringrequired The plaintext message. `$hash`stringrequired Hash of the message to check against. ## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#return)󠁿 bool Whether the message matches the hashed message. ## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#source)󠁿 ```php function wp_verify_fast_hash( #[\SensitiveParameter] string $message, string $hash ): bool { if ( ! str_starts_with( $hash, '$generic$' ) ) { // Back-compat for old phpass hashes. require_once ABSPATH . WPINC . '/class-phpass.php'; return ( new PasswordHash( 8, true ) )->CheckPassword( $message, $hash ); } return hash_equals( $hash, wp_fast_hash( $message ) ); } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/functions.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/functions.php#L9268) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/functions.php#L9268-L9280) ## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#related)󠁿 | Uses | Description | | [wp_fast_hash()](https://developer.wordpress.org/reference/functions/wp_fast_hash/)`wp-includes/functions.php` | Returns a cryptographically secure hash of a message using a fast generic hash function. | | Used by | Description | | [WP_Application_Passwords::check_password()](https://developer.wordpress.org/reference/classes/wp_application_passwords/check_password/)`wp-includes/class-wp-application-passwords.php` | Checks a plaintext application password against a hashed password. | | [WP_Recovery_Mode_Key_Service::validate_recovery_mode_key()](https://developer.wordpress.org/reference/classes/wp_recovery_mode_key_service/validate_recovery_mode_key/)`wp-includes/class-wp-recovery-mode-key-service.php` | Verifies if the recovery mode key is correct. | | [wp_validate_user_request_key()](https://developer.wordpress.org/reference/functions/wp_validate_user_request_key/)`wp-includes/user.php` | Validates a user request by comparing the key with the request’s key. | | [check_password_reset_key()](https://developer.wordpress.org/reference/functions/check_password_reset_key/)`wp-includes/user.php` | Retrieves a user row based on password reset key and login. | ## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_verify_fast_hash/?output_format=md#changelog)󠁿 | Version | Description | | [6.8.0](https://developer.wordpress.org/reference/since/6.8.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_verify_fast_hash%2F) before being able to contribute a note or feedback.