WordPress.org

Ready to get started?Download WordPress

Forums

Passwords stored in plaintext?!? (8 posts)

  1. Anonymous
    Unregistered
    Posted 10 years ago #

    I've just downloaded and installed Word Press 1.01 on my local machine and it works quite well. However, I forgot the admin password so I logged into my MySQL console to change it. I was shocked to discover that the passwords were all stored in plaintext - i.e. with no encryption whatsoever.
    Why on earth aren't passwords encrypted/hashed using md5 (functionality for this is built into both PHP and MySQL!)? It's crazy to have passwords in any two-way encryption form if all you're doing is checking to see whether the user has entered the correct value.

  2. Lester Chan
    Member
    Posted 10 years ago #

    for 1.1 it is encrypted.

  3. Nick Momrik
    Member
    Posted 10 years ago #

    In the latest nightly builds encrypted passwords have been implemented.

  4. Anonymous
    Unregistered
    Posted 10 years ago #

    When is 1.1 going to be available though? I'm not using a system that can't even protect passwords properly.

  5. Ryan Boren
    WordPress Dev
    Posted 10 years ago #

    The nightly builds have been quite stable. Give one a try. Once it is installed, make sure you run upgrade.php in order to update the database with the MD5 hashes.

  6. Anonymous
    Unregistered
    Posted 10 years ago #

    Stable? It won't even let me change my password:
    "ERROR: you typed your new password only once. Go back to type it twice."
    There is only one box to type it in...

  7. Matt Mullenweg
    Troublemaker
    Posted 10 years ago #

    There are two boxes right next to each other on your profile page. These should probably be on seperate lines because people often miss one.

  8. Anonymous
    Unregistered
    Posted 10 years ago #

    There aren't two boxes next to each other when I tried it...

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.