/ Register

Discover Centmin Mod today
Register Now

Wordpress Stronger WordPress Password Hashing with bcrypt

Discussion in 'Blogs & CMS usage' started by eva2000, Apr 5, 2016.

Tags:
Previous Thread Next Thread
Loading...
  1. Apr 5, 2016 #1
    eva2000

    eva2000 Administrator Staff Member

    36,047
    7,907
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,189
    Local Time:
    3:21 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Interesting article over at WPMU Dev discussing stronger wordpress password hashing with bcrypt Making Your WordPress Password Hashing Stronger with bcrypt - WPMU DEV
    Would Centmin Mod users like to see Wordpress auto installer routine use the more secure bcrypt method via auto installed WP bcrypt plugin ?
     
    • Like Like x 1
    • Winner Winner x 1
  2. Apr 5, 2016 #2
    pamamolf

    pamamolf Well-Known Member

    3,113
    295
    83
    May 31, 2014
    Ratings:
    +530
    Local Time:
    8:21 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Yes it is a must :)
     
  3. Apr 13, 2016 #3
    AKIN SENOL

    AKIN SENOL Member

    36
    3
    8
    Oct 17, 2014
    London
    Ratings:
    +8
    Local Time:
    6:21 PM
    1.9.12
    10.1.12
    It would be very nice and secure @eva2000
     
  4. Sep 26, 2017 #4
    rc112

    rc112 Member

    124
    14
    18
    Sep 22, 2017
    Ratings:
    +15
    Local Time:
    1:21 AM
    Hi Is there any update or plan on more secure bcrypt method? Very interested. Thanks.
     
  5. Sep 26, 2017 #5
    eva2000

    eva2000 Administrator Staff Member

    36,047
    7,907
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,189
    Local Time:
    3:21 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    haven't revisited this topic in ages. Not sure if Wordpress changed their default hashing method by default yet ? If they haven't there's a few plugins that offer this too https://wordpress.org/plugins/search/bcrypt/

    the one mentioned in above article looks interesting but it's manual install (which i could automate) https://roots.io/plugins/bcrypt-password/ though last time it was updated was Feb 2016 https://github.com/roots/wp-password-bcrypt/blob/master/wp-password-bcrypt.php though whether it needed updating is another question https://github.com/roots/wp-password-bcrypt/issues/10.
     
    Last edited: Sep 26, 2017
  6. Sep 27, 2017 #6
    rc112

    rc112 Member

    124
    14
    18
    Sep 22, 2017
    Ratings:
    +15
    Local Time:
    1:21 AM
    yes, thanks for pointing out the issues. Maybe 2 way authentication would help! Thanks.
     
Previous Thread Next Thread
Loading...
..

.