{"id":34910566,"url":"https://github.com/arraypress/wp-hash-utils","last_synced_at":"2026-01-20T16:35:07.192Z","repository":{"id":318728722,"uuid":"1053458209","full_name":"arraypress/wp-hash-utils","owner":"arraypress","description":"A lean WordPress library for hashing, password security, data integrity, and verification","archived":false,"fork":false,"pushed_at":"2025-11-27T10:42:25.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-30T03:54:37.614Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arraypress.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-09T13:30:22.000Z","updated_at":"2025-11-27T10:42:29.000Z","dependencies_parsed_at":"2025-10-13T09:10:01.445Z","dependency_job_id":"f729fa00-eefc-40ab-8e3d-1cf44d3a688d","html_url":"https://github.com/arraypress/wp-hash-utils","commit_stats":null,"previous_names":["arraypress/wp-hash-utils"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/arraypress/wp-hash-utils","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arraypress%2Fwp-hash-utils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arraypress%2Fwp-hash-utils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arraypress%2Fwp-hash-utils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arraypress%2Fwp-hash-utils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arraypress","download_url":"https://codeload.github.com/arraypress/wp-hash-utils/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arraypress%2Fwp-hash-utils/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28053400,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-26T02:00:06.189Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-12-26T11:08:09.922Z","updated_at":"2025-12-26T11:08:10.708Z","avatar_url":"https://github.com/arraypress.png","language":"PHP","readme":"# WordPress Hash Utils\n\nA lean WordPress library for hashing, password security, data integrity, and verification.\n\n## Installation\n```bash\ncomposer require arraypress/wp-hash-utils\n```\n\n## Quick Start\n```php\nuse ArrayPress\\HashUtils\\Hash;\n\n// Password security\n$hashed = Hash::password( $password );\n$valid  = Hash::verify_password( $password, $stored_hash );\n\n// Data integrity\n$hash      = Hash::data( [ 'user_id' =\u003e 123, 'action' =\u003e 'purchase' ] );\n$file_hash = Hash::file( '/path/to/file.zip' );\n\n// WordPress nonces\n$nonce = Hash::nonce( 'delete_post_' . $post_id );\n$valid = Hash::verify_nonce( $_POST['nonce'], 'delete_post_' . $post_id );\n\n// HMAC authentication\n$signature = Hash::hmac( $api_data, $secret_key );\n$authentic = Hash::verify_hmac( $api_data, $signature, $secret_key );\n```\n\n## API\n\n### Salt\n\n#### `get_salt(): string`\nGet combined WordPress salts for hashing.\n\n### Password\n\n#### `password( string $password ): string`\nHash passwords securely using WordPress methods.\n\n#### `verify_password( string $password, string $hash ): bool`\nVerify password against hash (timing-safe).\n\n### Data\n\n#### `data( mixed $data, string $algo = 'sha256', string $salt = '' ): ?string`\nHash any data (arrays, objects, strings). Uses WordPress salt by default. Returns null for invalid algorithms.\n\n#### `file( string $path, string $algo = 'sha256' ): ?string`\nHash file contents. Returns null if file doesn't exist or isn't readable.\n\n#### `attachment( int $id, string $algo = 'sha256' ): ?string`\nHash WordPress attachment file by ID.\n\n#### `cache_key( mixed $data, string $prefix = '' ): string`\nGenerate cache keys from data: `Hash::cache_key( $query, 'posts' )` → `\"posts_a1b2c3d4\"`\n\n### Nonce\n\n#### `nonce( string $action ): string`\nCreate WordPress nonce for action verification.\n\n#### `verify_nonce( string $nonce, string $action ): bool`\nVerify WordPress nonce. Returns false for invalid/expired nonces.\n\n### HMAC\n\n#### `hmac( mixed $data, string $key = '', string $algo = 'sha256' ): ?string`\nGenerate HMAC for message authentication. Uses WordPress salt if key is empty.\n\n#### `verify_hmac( mixed $data, string $expected, string $key = '', string $algo = 'sha256' ): bool`\nVerify HMAC (timing-safe comparison).\n\n## Common Use Cases\n```php\n// User authentication\n$hashed = Hash::password( $user_password );\n$valid  = Hash::verify_password( $input_password, $stored_hash );\n\n// Form security\n$nonce = Hash::nonce( 'update_profile' );\nif ( Hash::verify_nonce( $_POST['nonce'], 'update_profile' ) ) {\n    // Process form\n}\n\n// File integrity\n$hash = Hash::file( $uploaded_file );\nupdate_post_meta( $attachment_id, 'file_hash', $hash );\n\n// API security\n$signature = Hash::hmac( $request_data, $api_secret );\n$headers   = [ 'X-Signature' =\u003e $signature ];\n\n// Caching\n$cache_key = Hash::cache_key( $complex_query_data, 'results' );\n$cached    = get_transient( $cache_key );\n```\n\n## Security Best Practices\n```php\n// ✅ Always verify nonces for sensitive actions\nif ( ! Hash::verify_nonce( $_POST['nonce'], 'delete_post' ) ) {\n    wp_die( 'Security check failed' );\n}\n\n// ✅ Use verify_hmac() for timing-safe comparisons\n$valid = Hash::verify_hmac( $data, $signature, $key );\n\n// ❌ Never use == for signature comparison (timing attack risk)\n// if ( Hash::hmac( $data, $key ) == $signature ) { }\n```\n\n## Supported Algorithms\n\n- **SHA-256** (default, recommended)\n- **SHA-1**, **MD5** (legacy support)\n- **SHA-512** (high security)\n- All PHP `hash_algos()` supported\n\n## Requirements\n\n- PHP 7.4+\n- WordPress 5.0+\n\n## License\n\nGPL-2.0-or-later","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farraypress%2Fwp-hash-utils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farraypress%2Fwp-hash-utils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farraypress%2Fwp-hash-utils/lists"}