Description
wp-password-bcrypt is a WordPress plugin to replace WP’s outdated and insecure
MD5-based password hashing with the modern and secure bcrypt.
It is written by roots.io people.
This plugin requires PHP >= 5.5.0 which introduced the built-in
password_hash
and
password_verify
functions.
See Improving WordPress Password Security
for more background on this plugin and the password hashing issue.
Installation
- Upload the plugin files to the
/wp-content/plugins/password-bcrypt
directory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the ‘Plugins’ screen in WordPress
FAQ
- Manual installation as a must-use plugin
-
If you don’t use Composer, you can manually copy
wp-password-bcrypt.php
into yourmu-plugins
folder.We do not recommend using this as a normal (non-MU) plugin. It makes it too easy to disable or remove the plugin.
Reviews
Contributors & Developers
“Password bcrypt” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Password bcrypt” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.3
- Check for another password plugin.
1.0.2
- Added license file, excuse me.
1.0.1
- This is the WordPress-stlye version of the original roots wp-password-bcrypt plugin