Plugin / PHP Native password hash
Ayesh Karunaratne
Description
This plugin swaps out WordPress core’s password hashing mechanism with PHP 5.5’s password_hash() and its accompanying functions. By default, PHP uses bcrypt to hash passwords. If available, this plugin will use the modern Argon2 algorithm. The transition will be transparent.
- A password salt will be generated using a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).
- Password hashes are safe from dictionary attacks with rainbow tables or any other precomputed hash lists, because a secure salt is generated for each password.
- The password hashing is iterated multiple times to provide a good resistance against brute-force attacks.
- Password checks are made in a way that mitigates timing attacks.
- You do not have to reset passwords of all users. Passwords already hashed in the database will be rehashed automatically and transparently the next time the user logs in.
- PHP might come up with newer password hashing algorithms, and they will be automatically supported without having to reset all the passwords.
This plugin was made initially because one of our applications used WordPress for authentication, but we needed to use an external system to verify the passwords directly from the database too. Since WordPress has its own password hashing algorithm, we decided to make this plugin to address that problem.
With this plugin, passwords generated by both WordPress and other custom applications now use PHP’s default password_hash() functions without compromising the security of any of the applications.
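The rehash-on-login behaviour described above can be sketched as follows. This is an added example, not the plugin's own code: `preferred_algo()`, `check_and_upgrade()`, the `$legacyVerify` callable and the salted SHA-256 sample record are all hypothetical stand-ins for an application's previous scheme.

```php
<?php
// Added illustration; not the plugin's source code.

// Prefer Argon2id when this PHP build provides it, else PHP's default (bcrypt).
function preferred_algo()
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_DEFAULT;
}

/**
 * Check a login attempt against a stored hash.
 * $legacyVerify is a hypothetical callable(string $password, string $hash): bool
 * standing in for the application's previous hashing scheme.
 * Returns [bool $ok, ?string $replacementHash].
 */
function check_and_upgrade(string $password, string $stored, callable $legacyVerify): array
{
    $native = password_get_info($stored)['algoName'] !== 'unknown';

    // password_verify() compares in constant time and reads the algorithm,
    // cost and salt from the stored string itself.
    $ok = $native ? password_verify($password, $stored)
                  : $legacyVerify($password, $stored);
    if (!$ok) {
        return [false, null];
    }

    // The plaintext is only available after a successful check, so this is
    // the one moment a legacy or outdated hash can be replaced.
    if (!$native || password_needs_rehash($stored, preferred_algo())) {
        return [true, password_hash($password, preferred_algo())];
    }
    return [true, null];
}

// Constructed sample: a "salt:digest" SHA-256 record standing in for an old scheme.
$legacy = function (string $pw, string $hash): bool {
    [$salt, $digest] = array_pad(explode(':', $hash, 2), 2, '');
    return hash_equals($digest, hash('sha256', $salt . $pw));
};
$stored = 'c0ffee:' . hash('sha256', 'c0ffee' . 'correct horse');

[$ok, $new] = check_and_upgrade('correct horse', $stored, $legacy);
var_dump($ok, password_get_info($new)['algoName']); // caller persists $new

[$ok2, $new2] = check_and_upgrade('correct horse', $new, $legacy);
var_dump($ok2, $new2); // second login: hash is already current
```

Because the replacement hash is a standard password_hash() string, any external system with access to the database can check it with password_verify() alone.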
Languages
The plugin hasn't been translated into any language other than English.