Skip to content

Instantly share code, notes, and snippets.

@einkoro
Last active May 10, 2016 16:52
Show Gist options
  • Save einkoro/11078301 to your computer and use it in GitHub Desktop.
Save einkoro/11078301 to your computer and use it in GitHub Desktop.
Must-use plugin for WordPress to swap phpass to PHP 5.5's new password_hash and password_verify using bcrypt
<?php
/**
* Plugin Name: WP PASSWORD_BCRYPT
* Plugin URI: http://bitpiston.com/
* Description: Replaces wp_hash_password and wp_check_password's phpass hasher with PHP 5.5's password_hash and password_verify using bcrypt.
* Author: BitPiston Studios
* Author URI: http://bitpiston.com/
* Version: 1.2
* Licence: BSD
*/
function wp_hash_password($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
return $hash;
}
function wp_check_password($password, $hash, $user_id = '')
{
// Check for older passwords and update them
if ( substr($hash, 0, 3) == '$P$' )
{
global $wp_hasher;
if ( empty($wp_hasher) )
{
require_once(ABSPATH . WPINC . '/class-phpass.php');
$wp_hasher = new PasswordHash(8, true);
}
$check = $wp_hasher->CheckPassword($password, $hash);
if ( $check && $user_id )
{
// Rehash using new hash if they match.
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}
}
$check = password_verify($password, $hash);
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
@einkoro
Copy link
Author

einkoro commented Mar 25, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment