https://github.com/d3cod3/wp-elsewhere-password
Harden password encryption mechanism for wordpress
https://github.com/d3cod3/wp-elsewhere-password
Last synced: 3 months ago
JSON representation
Harden password encryption mechanism for wordpress
- Host: GitHub
- URL: https://github.com/d3cod3/wp-elsewhere-password
- Owner: d3cod3
- License: mit
- Created: 2017-04-16T09:07:28.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2017-04-16T09:42:12.000Z (about 8 years ago)
- Last Synced: 2025-01-01T22:35:13.876Z (5 months ago)
- Language: PHP
- Size: 35.2 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
# wp-elsewhere-password
wp-elsewhere-password is a WordPress plugin to harden his password encryption mechanism.
This plugin requires PHP >= 5.5.0 which introduced the built-in [`password_hash`](http://php.net/manual/en/function.password-hash.php) and [`password_verify`](http://php.net/manual/en/function.password-verify.php) functions.
## Requirements
* PHP >= 5.5.0
* WordPress >= 4.4 (see https://core.trac.wordpress.org/ticket/33904)
## Installation
Manually copy `libs/` folder and `wp-elsewhere-password.php` into your `mu-plugins` folder, [Must Use Plugins](https://codex.wordpress.org/Must_Use_Plugins).
Manually copy `wp-crypto.php` elsewhere, a good choice is copying it outside your server document root and then include it like this:
```php
require_once($_SERVER['DOCUMENT_ROOT'].'/../wp-crypto.php');
```
You'll need to generate your personal encryption key, and add it to `wp-crypto.php`. To do that create a temporary php file like this:
```php
saveToAsciiSafeString();
?>
```
Open it in your browser to generate an encryption key, copy-paste it in `wp-crypto.php` and save the file.
## Libraries
This plugin use the following libraries:
[constant_time_encoding](https://github.com/paragonie/constant_time_encoding/tree/v1.x) To prevent leak information about what you are encoding/decoding via processor cache misses
and
[php-encryption](https://github.com/defuse/php-encryption) To ensure the use of a secure encryption mechanism.
## Thanks
Thanks to [wp-password-bcrypt](https://github.com/roots/wp-password-bcrypt) for a first introduction to the issue.