/ Register

Join the community today
Register Now

Wordpress Stronger WordPress Password Hashing with bcrypt

Discussion in 'Blogs & CMS usage' started by eva2000, Apr 5, 2016.

Tags:
Previous Thread Next Thread
Loading...
  1. Apr 5, 2016 #1
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    9:24 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Interesting article over at WPMU Dev discussing stronger wordpress password hashing with bcrypt Making Your WordPress Password Hashing Stronger with bcrypt - WPMU DEV
    Would Centmin Mod users like to see Wordpress auto installer routine use the more secure bcrypt method via auto installed WP bcrypt plugin ?
     
  2. Apr 5, 2016 #2
    pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    2:24 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Yes it is a must :)
     
  3. Apr 13, 2016 #3
    AKIN SENOL

    AKIN SENOL Member

    36
    3
    8
    Oct 17, 2014
    London
    Ratings:
    +8
    Local Time:
    12:24 AM
    1.9.12
    10.1.12
    It would be very nice and secure @eva2000
     
  4. Sep 26, 2017 #4
    rc112

    rc112 Member

    126
    14
    18
    Sep 22, 2017
    Ratings:
    +15
    Local Time:
    7:24 AM
    Hi Is there any update or plan on more secure bcrypt method? Very interested. Thanks.
     
  5. Sep 26, 2017 #5
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    9:24 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    haven't revisited this topic in ages. Not sure if Wordpress changed their default hashing method by default yet ? If they haven't there's a few plugins that offer this too https://wordpress.org/plugins/search/bcrypt/

    the one mentioned in above article looks interesting but it's manual install (which i could automate) https://roots.io/plugins/bcrypt-password/ though last time it was updated was Feb 2016 https://github.com/roots/wp-password-bcrypt/blob/master/wp-password-bcrypt.php though whether it needed updating is another question https://github.com/roots/wp-password-bcrypt/issues/10.
     
    Last edited: Sep 26, 2017
  6. Sep 27, 2017 #6
    rc112

    rc112 Member

    126
    14
    18
    Sep 22, 2017
    Ratings:
    +15
    Local Time:
    7:24 AM
    yes, thanks for pointing out the issues. Maybe 2 way authentication would help! Thanks.
     
Previous Thread Next Thread
Loading...

.