Plugin info

Total downloads: 633
Active installs: 200
Total reviews: 0
Average rating: 0
Support threads opened: 0
Support threads resolved: 0 (0%)
Available in: 1 language(s)
Contributors: 1
Last updated: 10/2/2018 (2647 days ago)
Added to WordPress: 10/1/2018 (7 years old)
Minimum WordPress version: 3.9.2
Tested up to WordPress version: 4.9.22
Minimum PHP version: 5.2.4

Maintenance & Compatibility

Maintenance score

Possibly abandoned • Last updated 2647 days ago

20/100

Is WP Modern Password Hashing abandoned?

Possibly abandoned (last update 2647 days ago).

Compatibility

Requires WordPress: 3.9.2
Tested up to: 4.9.22
Requires PHP: 5.2.4

Description

For legacy support across a wider range of PHP versions, WordPress uses PHPASS (a portable password hashing library), which WordPress configures by default to use an MD5-based hash.

The security of your password hashes can be improved by using a modern password hashing algorithm, such as BCRYPT for PHP 5.5+ or ARGON2I for PHP 7.2+.

This plugin aims to improve the security of the hashed passwords by using PHP 5.5’s password_hash() function and the BCRYPT algorithm, and it also supports the newer ARGON2I algorithm.

For extended support when password_hash() is not available, this plugin will fall back to using PHPASS with additional security when compared to the WordPress defaults.

Installation

  1. Upload the plugin folder to the /wp-content/plugins directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress.
  3. User passwords will be rehashed on the next successful login.

Frequently Asked Questions

How do I use ARGON2I?

Currently you will need to update the algorithm in ‘wp-modern-password-hashing.php’ line 18, from PASSWORD_BCRYPT to PASSWORD_ARGON2I.
Keep in mind that updates will undo your change; I plan to add an options screen to wp-admin.

How do I use BCRYPT?

If PHP 5.5 or higher is used, then password_hash() will be available, and the plugin will default to using it.

Can I change between ARGON2I and BCRYPT?

Provided you change the algorithm in ‘wp-modern-password-hashing.php’ line 18.
Keep in mind that updates will undo your change; I plan to add an options screen to wp-admin.

Yes, you should be able to change back and forth (provided your PHP version is sufficient), as the password will be checked against the password_verify() and password_needs_rehash() functions.
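The rehash-on-login flow described above, as an added example in plain PHP 7+ (not the plugin's own code, and with no WordPress dependency). The function names `detect_algorithm` and `check_and_upgrade` are hypothetical, the sample password and hash are constructed, and ‘$P$’ PHPASS hashes are reported but not verified because that needs WordPress's PasswordHash class.

```php
<?php
// Added example, not the plugin's code. Labels mirror the plugin's
// "All Users" column: MD5, $P$, $2a$, $2y$ and $argon2i$.
function detect_algorithm(string $hash): string {
    foreach (array('$argon2i$', '$2y$', '$2a$', '$P$') as $prefix) {
        if (strncmp($hash, $prefix, strlen($prefix)) === 0) {
            return $prefix;
        }
    }
    // Very old WordPress rows hold a bare 32-character hex MD5 digest.
    return preg_match('/^[a-f0-9]{32}$/', $hash) ? 'MD5' : 'unknown';
}

// Returns array($ok, $new_hash). $new_hash is non-null only when the password
// was correct AND the stored hash should be replaced with a stronger one.
function check_and_upgrade(string $password, string $stored,
                           $target = PASSWORD_BCRYPT, array $options = array()): array {
    switch (detect_algorithm($stored)) {
        case 'MD5':
            $ok = hash_equals($stored, md5($password)); // constant-time compare
            $stale = true;                              // always upgrade legacy MD5
            break;
        case '$2y$':
        case '$2a$':
        case '$argon2i$':
            $ok = password_verify($password, $stored);
            $stale = password_needs_rehash($stored, $target, $options);
            break;
        default:
            // '$P$' needs WordPress's PasswordHash class; out of scope here.
            return array(false, null);
    }
    if (!$ok) {
        return array(false, null); // a failed login must never rewrite the hash
    }
    return array(true, $stale ? password_hash($password, $target, $options) : null);
}

// Constructed sample: a legacy MD5 row is upgraded on the first good login.
$legacy = md5('correct horse');
list($ok, $new) = check_and_upgrade('correct horse', $legacy);
printf("login=%s, %s -> %s\n", $ok ? 'ok' : 'failed',
       detect_algorithm($legacy), detect_algorithm((string) $new));

// Second login against the upgraded hash: verified, nothing left to rewrite.
list($ok2, $again) = check_and_upgrade('correct horse', $new);
printf("login=%s, rehash needed=%s\n", $ok2 ? 'ok' : 'failed', $again === null ? 'no' : 'yes');
```

Passing PASSWORD_ARGON2I as `$target` only works when PHP was built with Argon2 support; the caller is expected to store `$new_hash` back to the user record when it is non-null.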

What about Legacy support?

In cases where password_hash() is not available, PHPASS as included with WordPress will be used, but with two adjustments.
The rounds/iterations_count option and the use_md5/portable_hashes option have been adjusted from the WordPress defaults of ‘8, true’ to ‘16, false’.
This should improve the security of the hashed passwords, for those who are running on older versions of PHP.

Changelog

1.0.1

  • Changed: Uses of the shorthand array syntax [] replaced with array() for improved compatibility.
  • Changed: Function comments.
  • Changed: Tags.
  • Added: A few comments to various bits of code/functions.
  • Added: Check for ‘$2y$’ in PHPASS section of wp_check_password(), to improve compatibility where password_verify() is not available.
  • Added: In cases where password_verify() is not available and password is prefixed with ‘$2y$’, rehash password back to PHPASS ‘$P$’ or ‘$2a$’
  • Added: Column to ‘All Users’ page, to display the detected algorithm of each user (MD5, $P$, $2a$, $2y$ and $argon2i$)

1.0.0

  • Initial release.