This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.



wp-http-digest is a WordPress plugin that enables you to store the WordPress passwords in a format that is compatible with HTTP digest authentication. The advantages of this approach is that it enables you to build and integrate services using HTTP digest authentication on top of standard wordpress accounts. The passwords are stored in the database as md5(username:realm:password), which is called the HA1 hash.


The implementation could be more concise and beautiful if ./wp-includes/user.php would rely on wp_set_password instead of wp_hash_password (no action_profile_update and wp_new_user_notification required). See discussion and patch at


This section describes how to install the plugin and get it working:

  1. Upload wp-http-digest.php to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Important You are still logged-in with you administrator account, then go into your profile (top, right-hand side) and update your password

WARNING: once you’ve installed the plugin, the previous passwords become invalid. If something goes wrong, you may have to:

  1. recreate a new password for an existing administrator account, for instance using htdigest:
    • $ htdigest -c digest-file wordpress username
    • $ awk -F : '{print "HA1 for user "$1" is "$3}' digest-file
  2. copy the HA1 in the database (table:wp_user, colum:user_pass), for instance with phpMyAdmin


I can not log in anymore

See the warning in section Installation

Is this method secure?

According to Wikipedia, although md5 is getting weak, there are no known attacks on HTTP Digest hash.

Contributors & Developers

“wp-http-digest” is open source software. The following people have contributed to this plugin.


Translate “wp-http-digest” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



First upload to