How does wordpress password hash work?

5 Views

I need to integrate a Django system with a WordPress site, as in wordpress users should be able to log in the DJnago part and vice versa,

For this I need to understand how the password hashing works in WordPress. I can see the wp_users table which stores the username and password hashes.

Read More

Looking through the wordpress code, I can see the password is set via wp_set_password, which is using hash_password to hash the password.

Now I dont know enough PHP to understand how it is working. I need to replicate the same in python so I can validate the password from Django part.

Post Views: 5

Related posts

Leave a Reply

2 comments

  1. There is a comment in the implementation saying:

      28  /**
  29   * Portable PHP password hashing framework.
  30   *
  31   * @package phpass
  32   * @version 0.1 / genuine
  33   * @link http://www.openwall.com/phpass/
  34   * @since 2.5
  35   */

    The hashing framework used is phpass, and its page links to a Python implementation. Here’s the link (.tar.gz). That page has some other useful links (such as a Perl implementation).

  2. Just to add on, the following is a comment snippet from WordPress 3.1’s “wp-includespluggable.php”:

     /**
 * For integration with other applications, this function can be overwritten to
 * instead use the other package password checking algorithm.
 */