WordPress.org

Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

wp-bcrypt

wp bcrypt switches WordPress's password hashes from MD5 to bcrypt, making it harder for them to be brute-forced if they are leaked.

WordPress uses phpass to store passwords. Because WordPress has to work everywere, it uses the portable version of phpass, which uses MD5 to hash passwords. MD5 is not a very good hashing algorithm for passwords, because it's relatively fast.

This plugin switches over to bcrypt, which is the algorithm recommended by phpass, and is a much better option for password storage because it is much slower to produce. This makes it much harder for an attacker who's managed to access your hashed passwords to obtain plain text passwords by brute-forcing, or by trying passwords from a dictionary.

Note: this plugin requires PHP 5.3.0 or newer

Be aware that if you use this plugin and then move to a host that does not support bcrypt, you will need to reset any user account that you want to log in with.

Tags:

Requires: 3.4 or higher
Compatible up to: 3.9.16
Last Updated: 3 years ago
Active Installs: 500+

Ratings

5 out of 5 stars

Support

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,3,3
0,1,0
100,1,1