WordPress is a very popular and familiar open source Content Management System (CMS). It uses the PHP password hashing framework to generate hashed strings using several available algorithms. WordPress doesn't store user passwords as plain text; instead, it saves each password as a hash string (an "encrypted" password). This keeps you secure: even if your database is hacked, the attacker won't know your original password.
WordPress also adds a bit of salt to make the string much longer and more complex. Then it applies a cryptographic algorithm to the final string to create a one-way hash. A specific plain text string will always generate the same hash. There is no way, however, to convert a given hash back to its plain text equivalent. This is a one-way hashing technique: you can turn the plain text into a hash (encrypted text), but you can't reverse it by decrypting.
WordPress Pluggable Functions
WordPress stores its cryptographic salts (strings used to lengthen plain text strings before hashing) in the global wp-config.php file. These salts are unique for every installation and, if ever compromised, can be readily re-generated and replaced.
As usual, WordPress provides pluggable functions for working with the password hashing technique. wp_hash_password() and wp_check_password() are the pluggable functions involved, and filters on their output allow for similar overriding of their functionality.
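One way to use the pluggable mechanism described above, written here as an added example (not code from this article or from WordPress core): a plugin file that redefines both functions to hash with PHP's password_hash() while still accepting existing hashes from the bundled password hashing framework. The plugin name and the choice of PASSWORD_DEFAULT are assumptions of the example.

```php
<?php
/**
 * Plugin Name: Example password hashing override (added example)
 *
 * Assumption: this file is loaded as a plugin or must-use plugin, so these
 * definitions exist before WordPress loads wp-includes/pluggable.php.
 */

if ( ! function_exists( 'wp_hash_password' ) ) {
	// Replaces the core function: hash new passwords with password_hash().
	function wp_hash_password( $password ) {
		// A random per-password salt is generated and embedded in the hash.
		return password_hash( $password, PASSWORD_DEFAULT );
	}
}

if ( ! function_exists( 'wp_check_password' ) ) {
	// Replaces the core function: verify a login attempt against the stored hash.
	function wp_check_password( $password, $hash, $user_id = '' ) {
		$info = password_get_info( $hash );

		if ( ! empty( $info['algo'] ) ) {
			// Hash was produced by password_hash(); comparison is constant-time.
			$check = password_verify( $password, $hash );
		} else {
			// Older hash from the bundled phpass class: verify it the old way.
			// Plain MD5 hashes from very old installs are not handled here.
			require_once ABSPATH . WPINC . '/class-phpass.php';
			$hasher = new PasswordHash( 8, true );
			$check  = $hasher->CheckPassword( $password, $hash );
		}

		// On a successful login, upgrade hashes that are old or use outdated settings.
		$stale = empty( $info['algo'] ) || password_needs_rehash( $hash, PASSWORD_DEFAULT );
		if ( $check && $user_id && $stale ) {
			wp_set_password( $password, $user_id ); // calls wp_hash_password() above
		}

		// Keep the core 'check_password' filter so other plugins still work.
		return apply_filters( 'check_password', $check, $password, $hash, $user_id );
	}
}
```

When PASSWORD_DEFAULT resolves to bcrypt, only the first 72 bytes of the password are used, so test long passphrases before deploying an override like this.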
Thank You !!
Thank you so much brother for this…. helped me a lot… love u bro
Good bro
Very nice article, thanks for sharing, keep it up, we are here to learn more
Great info, thanks for sharing, keep it up, we are here to learn more