Support » Requests and Feedback » Passwords stored in plaintext?!?

  • I’ve just downloaded and installed Word Press 1.01 on my local machine and it works quite well. However, I forgot the admin password so I logged into my MySQL console to change it. I was shocked to discover that the passwords were all stored in plaintext – i.e. with no encryption whatsoever.
    Why on earth aren’t passwords encrypted/hashed using md5 (functionality for this is built into both PHP and MySQL!)? It’s crazy to have passwords in any two-way encryption form if all you’re doing is checking to see whether the user has entered the correct value.

Viewing 7 replies - 1 through 7 (of 7 total)
  • for 1.1 it is encrypted.

    In the latest nightly builds encrypted passwords have been implemented.

    When is 1.1 going to be available though? I’m not using a system that can’t even protect passwords properly.

    Ryan Boren


    WordPress Dev

    The nightly builds have been quite stable. Give one a try. Once it is installed, make sure you run upgrade.php in order to update the database with the MD5 hashes.

    Stable? It won’t even let me change my password:
    “ERROR: you typed your new password only once. Go back to type it twice.”
    There is only one box to type it in…

    Moderator Matt Mullenweg



    There are two boxes right next to each other on your profile page. These should probably be on seperate lines because people often miss one.

    There aren’t two boxes next to each other when I tried it…

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Passwords stored in plaintext?!?’ is closed to new replies.