This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Password bcrypt

Description

wp-password-bcrypt is a WordPress plugin to replace WP’s outdated and insecure
MD5-based password hashing with the modern and secure bcrypt.

It is written by roots.io people.

This plugin requires PHP >= 5.5.0 which introduced the built-in
password_hash and
password_verify functions.

See Improving WordPress Password Security
for more background on this plugin and the password hashing issue.

Installation

  1. Upload the plugin files to the /wp-content/plugins/password-bcrypt directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress

FAQ

Manual installation as a must-use plugin

If you don’t use Composer, you can manually copy wp-password-bcrypt.php into your mu-plugins folder.

We do not recommend using this as a normal (non-MU) plugin. It makes it too easy to disable or remove the plugin.

Reviews

Important plugin!

Every WordPress installation needs password hashing with bcrypt. Thanks 🙂

Read all 3 reviews

Contributors & Developers

“Password bcrypt” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Password bcrypt” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.3

  • Check for another password plugin.

1.0.2

  • Added license file, excuse me.

1.0.1