How does WordPress encrypt its users passwords?
Last updated on December 20th, 2015 at 11:15 pm
WordPress stores your plain text passwords in an encrypted mode and that is for a reason; if someone hacks your database he won't really know what were the passwords you and your users were using. Thats a relief considering many of you use the same passwords for a bunch of websites(like your google account login).
So if you ever forget your WP user password you will need to reset it and create a new one. In our next post I'm going to show 2+1 ways to restore or change your user password on WordPress.
Even though WordPress stores your password as an Md5 Hash when you try to login the password is "mixed" with a bit of salt making extra difficult for hacker to trace or copy it. That salt is the WordPress Security Keys that can be found inside your wp-config.php file.
Security Keys on their end are unique for each WP installation and can be re-generated through WordPress Secret Keys API.
Feel to free to use that tool and share!
Latest posts by Makis Mourelatos (see all)
- Extra Hardening: Take care your HTTP Security Headers - May 15, 2017
- WordPress Hacked Redirect, How to Detect and Clean it - January 2, 2017
- 7 WordPress Maintenance Mode Plugins – Which One Stands out? - November 21, 2016