wp_hash()WP 2.0.3

Gets hash of a given string.

A hash — it is a fixed-length string created from any data. Such a string is created in such a way that the probability of occurrence of different data with the same hash tends to zero, and restore data by their hash was as difficult as possible.

Pluggable function — this function can be replaced from a plugin. It means that this function is defined (works) only after all plugins are loaded (included), but before this moment this function has not defined. Therefore, you cannot call this and all functions depended on this function directly from a plugin code. They need to be called on plugins_loaded hook or later, for example on init hook.

Function replacement (override) — in must-use or regular plugin you can create a function with the same name, then it will replace this function.

1 time — 0.000001 sec (speed of light) | 50000 times — 0.08 sec (speed of light) | PHP 7.2.5, WP 4.9.8

No Hooks.


String. Hash of $data.


wp_hash( $data, $scheme );
$data(string) (required)
Plain text, a hash of which to create.

Authentication scheme. The principle of hashing. This parameter is passed to wp_salt(), the result of which is then added to the hash. It may be:

  • auth
  • secure_auth
  • logged_in
  • nonce

Default: 'auth'



#1 Demonstration

echo wp_hash( 'wp-kama' ); //> af3393632a8bb769275e1e992cac39c4
// second call
echo wp_hash( 'wp-kama' ); //> af3393632a8bb769275e1e992cac39c4

echo wp_hash( 'WP-KAMA' ); //> b919a9bc1a3f37892bd3dc150e67785a


Since 2.0.3 Introduced.

wp_hash() code WP 6.5.2

function wp_hash( $data, $scheme = 'auth' ) {
	$salt = wp_salt( $scheme );

	return hash_hmac( 'md5', $data, $salt );