Extra security for WordPress with wp-password-bcrypt

Password

wp-password-bcrypt is an open source project and completely free to use.

Overview

wp-password-bcrypt is a WordPress plugin to replace WP’s outdated and insecure MD5-based password hashing with the modern and secure bcrypt.

This plugin requires PHP >= 5.5.0, the release that introduced the built-in password_hash and password_verify functions it relies on.

The Problem

WordPress still uses an MD5-based password hashing scheme. This leaves the 25% of websites that run WordPress less secure than they could be, because the project refuses to raise its minimum PHP requirement. By continuing to support EOL PHP versions all the way back to 5.2, WordPress is unable to use newer functions like password_hash.

This is a known issue that WordPress has ignored for over 4 years now. Not only does WordPress default to MD5, which is insecure, it also does not do any of the following:

Solution

WordPress has done at least one good thing: they made the wp_check_password and wp_hash_password functions pluggable. This means we can define these functions in a plugin and “override” the default functions.

This plugin adds 3 functions:

wp_check_password
wp_hash_password
wp_set_password

wp_hash_password
This function is the simplest. The plugin just calls password_hash instead of WP's default password hashing function. The wp_hash_password_options filter is available to set any options accepted by password_hash (for example the bcrypt cost).

wp_check_password
Basically, this function just calls password_verify instead of the default function. However, it also checks whether the user's stored password was hashed previously with the old MD5-based scheme and, if so, verifies it with the old hasher and re-hashes it with bcrypt. This means you can install this plugin on an existing site and everything keeps working seamlessly; users are upgraded to bcrypt the next time they log in.

The check_password filter is available just like the default WP function.

wp_set_password
This function is copied almost verbatim from WordPress, with one addition: it returns the hash. The default WP function does not return anything, meaning you would end up hashing the password twice for no reason.

The wp_set_password action is available just like in the default WP function.
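The override pattern described above, as an added illustration rather than the plugin's own source. It assumes it is loaded as a WordPress plugin (so apply_filters, do_action, $wpdb and the bundled PasswordHash class exist) and PHP >= 5.5.0; going one step beyond the post, it also re-hashes a bcrypt hash whose cost no longer matches the options set through the filter.

```php
<?php
// Added example of overriding WP's pluggable password functions; not the
// wp-password-bcrypt plugin's source. Assumes the WordPress runtime is loaded.

if ( ! function_exists( 'wp_hash_password' ) ) :
function wp_hash_password( $password ) {
    // Sites may raise the bcrypt cost (e.g. array( 'cost' => 12 )) via this filter.
    $options = apply_filters( 'wp_hash_password_options', array() );
    return password_hash( $password, PASSWORD_BCRYPT, $options );
}
endif;

if ( ! function_exists( 'wp_check_password' ) ) :
function wp_check_password( $password, $hash, $user_id = '' ) {
    global $wp_hasher;
    // Legacy phpass (MD5-based) hashes start with "$P$": verify with the old
    // hasher, then transparently upgrade the stored hash to bcrypt.
    if ( 0 === strpos( $hash, '$P$' ) ) {
        if ( empty( $wp_hasher ) ) {
            require_once ABSPATH . WPINC . '/class-phpass.php';
            $wp_hasher = new PasswordHash( 8, true );
        }
        $check = $wp_hasher->CheckPassword( $password, $hash );
        if ( $check && $user_id ) {
            $hash = wp_set_password( $password, $user_id );
        }
        return apply_filters( 'check_password', $check, $password, $hash, $user_id );
    }

    $check   = password_verify( $password, $hash );
    $options = apply_filters( 'wp_hash_password_options', array() );
    // Beyond the post: re-hash when the cost set through the filter has changed.
    if ( $check && $user_id && password_needs_rehash( $hash, PASSWORD_BCRYPT, $options ) ) {
        $hash = wp_set_password( $password, $user_id );
    }
    return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
endif;

if ( ! function_exists( 'wp_set_password' ) ) :
function wp_set_password( $password, $user_id ) {
    global $wpdb;
    $hash = wp_hash_password( $password );
    $wpdb->update( $wpdb->users, array( 'user_pass' => $hash, 'user_activation_key' => '' ), array( 'ID' => $user_id ) );
    wp_cache_delete( $user_id, 'users' );
    do_action( 'wp_set_password', $password, $user_id );
    return $hash; // core's version returns nothing, forcing a second hash
}
endif;
```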