WordPress at a glance

wp_hash() WP 2.0.3

Gets hash of a given string.

A hash — it is a fixed-length string created from any data. Such a string is created in such a way that the probability of occurrence of different data with the same hash tends to zero, and restore data by their hash was as difficult as possible.

This is a pluggable function, and it can be replaced from plugin. It means that this function is defined (works) only after all plugins are connected (included), but before this moment the function has not yet been defined... Therefore, you cannot call this and all functions depended on this function directly from a plugin code. It must be called via hook plugins_loaded or later, for example on hook init.

Function replacement (override) — in a plugin you can create a function with the same name, then it will replace this function.

Works based on: hash_hmac()
✈ 1 time = 0.000001s = speed of light | 50000 times = 0.08s = speed of light PHP 7.2.5, WP 4.9.8

No Hooks.


String. Hash of $data


wp_hash( $data, $scheme );
$data(string) (required)
Plain text, a hash of which to create.

Authentication scheme. The principle of hashing. This parameter is passed to wp_salt(), the result of which is then added to the hash. It may be:

  • auth
  • secure_auth
  • logged_in
  • nonce

Default: 'auth'


#1 Demonstration

echo wp_hash( 'wp-kama' ); //> af3393632a8bb769275e1e992cac39c4
// second call
echo wp_hash( 'wp-kama' ); //> af3393632a8bb769275e1e992cac39c4

echo wp_hash( 'WP-KAMA' ); //> b919a9bc1a3f37892bd3dc150e67785a

Code of wp_hash: wp-includes/pluggable.php VER 5.0.1

function wp_hash($data, $scheme = 'auth') {
	$salt = wp_salt($scheme);

	return hash_hmac('md5', $data, $salt);

Related Functions

From category: Security

No comments
    Hello, !     Log In . Register