WordPress at Your Fingertips
vladlu and Kama5.7 years ago2

wp_hash_password()WP 2.5.0

Encrypts the specified text to make a password hash from it.

Creates a hash from plain text. The hash is always unique, i.e. if the function is called 2 times, the results will be different. see example 1.

The function uses the PasswordHash class, which is located in /wp-includes/class-phpass.php. PasswordHash can be configured, see the example.

Pluggable function — this function can be replaced from a plugin. It means that this function is defined (works) only after all plugins are loaded (included), but before this moment this function has not defined. Therefore, you cannot call this and all functions depended on this function directly from a plugin code. They need to be called on plugins_loaded hook or later, for example on init hook.

Function replacement (override) — in must-use or regular plugin you can create a function with the same name, then it will replace this function.

Used By: wp_set_password()
1 time — 0.003847 sec (very slow) | 50000 times — 106.27 sec (extremely slow) | PHP 7.2.5, WP 4.9.8

No Hooks.

Return

String. The hash string of the password.

Usage

wp_hash_password( $password );
$password(string) (required)
Plain text user password to hash.

Examples

1

#1 Let's compare the encrypted password with not encrypted one 

$wp_hasher = new PasswordHash( 8, TRUE );

$password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password  = 'test';

if( $wp_hasher->CheckPassword($plain_password, $password_hashed) ) {
	echo "The passwords match";
}
else {
	echo "The password is not correct";
}
0

#2 Function operation example 

echo wp_hash_password( 'my_pass' ); //> $P$B1tp3GD53ykbIGC4hf84pvbEjSUloq.

// let's encrypt again in the same way
echo wp_hash_password( 'my_pass' ); //> $P$Bu3CWn/Y0zTG8IXJ8ee9yiT715tWxG/
0

#3 Set global variable $wp_hasher, to create a password with the required parameters: 

global $wp_hasher;
$wp_hasher = new PasswordHash( 16, FALSE );
$hashedPassword = wp_hash_password( $password );

Notes

  • Global. PasswordHash. $wp_hasher PHPass object.

Changelog

Since 2.5.0 Introduced.

wp_hash_password() code WP 6.5.2

wp-includes/pluggable.php 
function wp_hash_password( $password ) {
	global $wp_hasher;

	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		// By default, use the portable hash from phpass.
		$wp_hasher = new PasswordHash( 8, true );
	}

	return $wp_hasher->HashPassword( trim( $password ) );
}

password

Site security (safety)

vladlu 100vlad.lu
Editors: Kama 247
2 comments
    Log In