Encrypt WordPress User passwords using SQL rather than PHP? (6 posts)

  1. renwickcentre
    Posted 6 years ago #


    I want to replicate the way WordPress encrypts a password for a new user (wp_user.user_pass) in WordPress 2.7.1.

    However, I want to encrypt the password in SQL code inserting into MySQL rather than through PHP. This is so that I can bypass the WordPress Admin/Dashboard section to create new users, instead creating new users through a SQL Insert statement into the WordPress MySQL database.

    I believe that WordPress 2.5+ onwards uses 'Salted Passwords' using the PasswordHash PHP class (http://www.openwall.com/phpass/) to store passwords. I have also found the mod_auth_mysql Apache module (http://modauthmysql.sourceforge.net/) but neither of these appear to have any SQL code directly or suit my problem exactly.

    Does anyone know how to encrypt passwords for new WordPress Users in a SQL INSERT or UPDATE statement that replicates the way WordPress encrypts passwords using PHP?


  2. Shane G
    Posted 6 years ago #


    You can use md5() or AES_ENCRYPT function in your query to encrypt the password and store it..


    INSERT INTO usertable ( First_Name, Last_Name, Phone, BirthDate, Password ) VALUES ( '...', '...', '...', '......', AES_ENCRYPT ( 'mypassword', 'seSy78910' ) );


    Shane G.

  3. renwickcentre
    Posted 6 years ago #

    Hi Shane,

    I thought MD5 hashing for WordPress passwords was depracated and not recommended since 2.5?

    And if I do use AES_ENCRYPT how will WordPress know how to decrypt the password for each user if it doesn't have the secret key (the 'key_str' parameter) that I pass to AES_ENCRYPT when I encrypt the password?


  4. netizenzero
    Posted 5 years ago #

    I am actually looking to do exactly the same thing as renwickcentre, and the md5 suggestion doesn't work.

    I am still digging...

  5. Michael C
    Posted 5 years ago #

    I am using 2.8.4 and I was able to use MD5 to create a password. I was surprised since I too thought salting was needed.

    I used this code:

    UPDATE wp_users SET user_pass = MD5('THE_PASSWORD') WHERE wp_users.user_login ='THE_USERNAME' LIMIT 1;

    I was also able to insert a user into the table using similar code. But is also important to create an entry into the wp_usermeta table with the correct information. I simply use a query to copy from a working user record since I am too lazy to figure out all of the meaning behind the records:

    insert into wp_usermeta
    select 3 as x, meta_key, meta_value
    from wp_usermeta
    where user_id=2

  6. netizenzero
    Posted 5 years ago #

    Ya, I'm not sure why, but inserting the MD5 password via mysql doesn't work.

    I did play around with using the wp_hash_password() function to try to hash the password, and I do get a hash that looks right, but I may be missing a piece of the puzzle, because I get multiple hashes for the same password.

    I know there is a random number used in the encryption process, but i'm not sure how that fits into the big picture.

Topic Closed

This topic has been closed to new replies.

About this Topic