WP_Application_Passwords::check_password
Checks a plaintext application password against a hashed password.
Method of the class: WP_Application_Passwords{}
No Hooks.
Returns
true|false. Whether the password matches the hashed password.
Usage
$result = WP_Application_Passwords::check_password( string $password, $hash ): bool;
- string $password(required)
.
It has the attribute #[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.
- $hash(string) (required)
- Hash of the password to check against.
Changelog
| Since 6.8.0 | Introduced. |
WP_Application_Passwords::check_password() WP Application Passwords::check password code WP 6.9.1
public static function check_password(
#[\SensitiveParameter]
string $password,
string $hash
): bool {
if ( ! str_starts_with( $hash, '$generic$' ) ) {
/*
* If the hash doesn't start with `$generic$`, it is a hash created with `wp_hash_password()`.
* This is the case for application passwords created before 6.8.0.
*/
return wp_check_password( $password, $hash );
}
return wp_verify_fast_hash( $password, $hash );
}