How does wordpress password hash work?

I need to integrate a Django system with a WordPress site, as in wordpress users should be able to log in the DJnago part and vice versa,

For this I need to understand how the password hashing works in WordPress. I can see the wp_users table which stores the username and password hashes.

Read More

Looking through the wordpress code, I can see the password is set via wp_set_password, which is using hash_password to hash the password.

Now I dont know enough PHP to understand how it is working. I need to replicate the same in python so I can validate the password from Django part.

Related posts

Leave a Reply

2 comments

  1. There is a comment in the implementation saying:

      28  /**
      29   * Portable PHP password hashing framework.
      30   *
      31   * @package phpass
      32   * @version 0.1 / genuine
      33   * @link http://www.openwall.com/phpass/
      34   * @since 2.5
      35   */
    

    The hashing framework used is phpass, and its page links to a Python implementation. Here’s the link (.tar.gz). That page has some other useful links (such as a Perl implementation).

  2. Just to add on, the following is a comment snippet from WordPress 3.1’s “wp-includespluggable.php”:

     /**
     * For integration with other applications, this function can be overwritten to
     * instead use the other package password checking algorithm.
     */