Replaces wp_hash_password and wp_check_password with PHP 5.5's password_hash and password_verify.
wp-password-bcrypt is a WordPress plugin to replace WP’s outdated and insecure
MD5-based password hashing with the modern and secure bcrypt.
It was written by the people at roots.io.
This plugin requires PHP >= 5.5.0, which introduced the built-in password_hash and password_verify functions.
See Improving WordPress Password Security
for more background on this plugin and the password hashing issue.
/wp-content/plugins/password-bcrypt directory, or install the plugin through the WordPress plugins screen directly.
If you don’t use Composer, you can manually copy wp-password-bcrypt.php into your mu-plugins folder.
We do not recommend using this as a normal (non-MU) plugin. It makes it too easy to disable or remove the plugin.
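How such a replacement can be wired up, as an added example that is not the plugin's own source: WordPress defines wp_hash_password and wp_check_password only when nothing loaded earlier has defined them, so a file in mu-plugins can supply bcrypt versions. The fallback to WordPress's bundled phpass hasher for hashes stored before the switch, and the rehash on successful login, are assumptions of this example.

```php
<?php
/**
 * Added illustration only; not the code of wp-password-bcrypt.
 * Place in wp-content/mu-plugins/ so it loads before WordPress's
 * pluggable functions are defined.
 */

// Hash new or changed passwords with bcrypt.
function wp_hash_password( $password ) {
    return password_hash( $password, PASSWORD_BCRYPT );
}

// Verify a login attempt against the stored hash.
function wp_check_password( $password, $hash, $user_id = '' ) {
    if ( strpos( $hash, '$2y$' ) === 0 ) {
        // Stored hash is already bcrypt: constant-time verification by PHP.
        $check = password_verify( $password, $hash );
    } else {
        // Assumption: anything else is a legacy phpass hash created
        // before the switch. Check it with WordPress's bundled hasher.
        global $wp_hasher;
        if ( empty( $wp_hasher ) ) {
            require_once ABSPATH . WPINC . '/class-phpass.php';
            $wp_hasher = new PasswordHash( 8, true );
        }
        $check = $wp_hasher->CheckPassword( $password, $hash );

        // On a correct password, store a bcrypt hash in place of the
        // legacy one. wp_set_password() calls wp_hash_password() above.
        if ( $check && $user_id ) {
            wp_set_password( $password, $user_id );
        }
    }

    // Keep the core filter so other plugins still see the result.
    return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
```

Because the legacy hash is replaced only after a successful login, accounts that never sign in again keep their old hash until their password is reset.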