Password bcrypt
Roots By Roots

July 21, 2016

Password bcrypt Plugin

Replaces wp_hash_password and wp_check_password with PHP 5.5's password_hash and password_verify.

wp-password-bcrypt is a WordPress plugin to replace WP’s outdated and insecure
MD5-based password hashing with the modern and secure bcrypt.

It is written by roots.io people.

This plugin requires PHP >= 5.5.0 which introduced the built-in
password_hash and
password_verify functions.

See Improving WordPress Password Security
for more background on this plugin and the password hashing issue.

Installation

  1. Upload the plugin files to the /wp-content/plugins/password-bcrypt directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress

FAQ

Manual installation as a must-use plugin

If you don’t use Composer, you can manually copy wp-password-bcrypt.php into your mu-plugins folder.

We do not recommend using this as a normal (non-MU) plugin. It makes it too easy to disable or remove the plugin.

Changelog

1.0.3

  • Check for another password plugin.

1.0.2

  • Added license file, excuse me.

1.0.1

Details

  • Version: 1.0.3
  • Active installations: 3,000
  • WordPress Version: 4.4
  • Tested up to: 4.5.32

Ratings


5 Stars
4 Stars
3 Stars
2 Stars
1 Stars