Join the community today
Become a Member

Wordpress Stronger WordPress Password Hashing with bcrypt

Discussion in 'Blogs & CMS usage' started by eva2000, Apr 5, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    55,983
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    2:00 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Interesting article over at WPMU Dev discussing stronger wordpress password hashing with bcrypt Making Your WordPress Password Hashing Stronger with bcrypt - WPMU DEV
    Would Centmin Mod users like to see Wordpress auto installer routine use the more secure bcrypt method via auto installed WP bcrypt plugin ?

     
  2. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    7:00 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    Yes it is a must :)
     
  3. AKIN SENOL

    AKIN SENOL Member

    36
    3
    8
    Oct 17, 2014
    London
    Ratings:
    +8
    Local Time:
    5:00 AM
    1.9.12
    10.1.12
    It would be very nice and secure @eva2000
     
  4. rc112

    rc112 Member

    126
    14
    18
    Sep 22, 2017
    Ratings:
    +15
    Local Time:
    12:00 PM
    Hi Is there any update or plan on more secure bcrypt method? Very interested. Thanks.
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,983
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    2:00 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    haven't revisited this topic in ages. Not sure if Wordpress changed their default hashing method by default yet ? If they haven't there's a few plugins that offer this too https://wordpress.org/plugins/search/bcrypt/

    the one mentioned in above article looks interesting but it's manual install (which i could automate) https://roots.io/plugins/bcrypt-password/ though last time it was updated was Feb 2016 https://github.com/roots/wp-password-bcrypt/blob/master/wp-password-bcrypt.php though whether it needed updating is another question https://github.com/roots/wp-password-bcrypt/issues/10.
     
    Last edited: Sep 26, 2017
  6. rc112

    rc112 Member

    126
    14
    18
    Sep 22, 2017
    Ratings:
    +15
    Local Time:
    12:00 PM
    yes, thanks for pointing out the issues. Maybe 2 way authentication would help! Thanks.