Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/timnashcouk/wp-php-password

Basic Replacement for WordPress Built in Passwords forked from Roots Password Bcrypt
https://github.com/timnashcouk/wp-php-password

Last synced: 5 days ago
JSON representation

Basic Replacement for WordPress Built in Passwords forked from Roots Password Bcrypt

Host: GitHub
URL: https://github.com/timnashcouk/wp-php-password
Owner: timnashcouk
License: mit
Created: 2024-02-02T21:31:43.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-02-21T10:48:28.000Z (12 months ago)
Last Synced: 2025-01-29T01:41:44.404Z (13 days ago)
Language: PHP
Size: 11.7 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # WP PHP Password

Basic Replacement for WordPress Built in Passwords forked from Roots [Password Bcrypt](https://github.com/roots/wp-password-bcrypt/)

This plugin replaces the default Password hasher PHPass used by WordPress with native PHP hashing functions allowing it to take advantage of improved algorithms like Bcrypt and Argon2.

This plugin is based on the roots original but also provides a few quality of life improvements over the Roots version which hasn't had much love in a while.

Primarily:

- Wrapped in `function_exists` which means it will work with PHPStan and static analysis tools

- Supports more then just Bcrypt for example can be extended to support Argon2

## Installation

Install manually into mu-plugins folder

> If installed as a regular plugin, may not run properly if another plugin is overriding password features.

### Switching to Argon

```

function my_password_algo( $algo ){

    return PASSWORD_ARGON2ID;

}

add_filter( 'wp_php_hash_password_algorithm', 'my_password_algo' );

```

Your version of PHP must be compiled with [argon2 support](https://wiki.php.net/rfc/argon2_password_hash_enhancements) for the above to work. Also if you make use of WP-CLI then make sure the CLI version of PHP is also compiled with Argon.

You might also want to make use of `wp_hash_password_options` filter to provide some alternative options:

```

function my_password_options( $options ){

    $supports = [

        'memory_cost' => 2048, 

        'time_cost' => 4, 

        'threads' => 3

    ];

    return $supports;

}

add_filter( 'wp_hash_password_options', 'my_password_options');

```

## Changelog

See [CHANGELOG.md](https://github.com/timnashcouk/wp-php-password/blob/main/CHANGELOG.md) for notable changes per version.