WordPress.org

Codex

Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Function Reference/wp hash password

Description

This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 8 passes of MD5. MD5 is used by default because it's supported on all platforms. You can configure PasswordHash to use Blowfish or extended DES (if available) instead of MD5 with the $portable_hashes constructor argument or property (see examples).

For integration with other applications, this function can be overwritten to instead use the other package password checking algorithm.

Usage

<?php $hash wp_hash_password$password ?>

Parameters

$password
(string) (required) Plain text user password to hash.
Default: None

Return Values

(string) 
The hash string of the password.

Examples

Compare an already hashed password with its plain-text string:
<?php
$wp_hasher = new PasswordHash(8, TRUE);

$password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password = 'test';

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}
?>
Use Blowfish or extended DES (if available) instead of MD5 to hash the password with 16 rounds of hashing:
$wp_hasher = new PasswordHash(16, FALSE);
$hashedPassword = wp_hash_password($password);

Notes

  • This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.
  • Uses: PasswordHash::HashPassword()
  • Uses global: (unknown type) $wp_hasher

Change Log

  • Since: 2.5

Source File

wp_hash_password() is located in wp-includes/pluggable.php.

Related

wp_hash_password(), wp_set_password()

See also index of Function Reference and index of Template Tags.