How does WordPress encrypt its users' passwords?

Posted on November 12, 2014 at 6:47 am


WordPress stores your passwords in encrypted form rather than as plain text, and for good reason: if someone hacks your database, they won't know which passwords you and your users were using. That's a relief, considering many of you use the same password for a bunch of websites (like your Google account login).

So if you ever forget your WP user password, you will need to reset it and create a new one. In our next post I'm going to show 2+1 ways to restore or change your user password on WordPress.

Even though WordPress stores your password as an MD5 hash, when you try to log in the password is "mixed" with a bit of salt, making it extra difficult for a hacker to trace or copy it. That salt is the WordPress Security Keys, which can be found inside your wp-config.php file.
Security Keys are unique to each WP installation and can be regenerated through the WordPress Secret Keys API.

FixMyWP.com has just created a new website, MD5 generator, which lets you generate your own WordPress Security Keys that you can later copy and paste into your wp-config.php file.

Feel free to use that tool and share!

Makis Mourelatos

WordPress Security Engineer at FixMyWP
WC Athens 2016 co-organizer, WP Support and Security Aficionado, Wannabe Kitesurfer.
