What type of hash does WordPress use?
What type of hash does WordPress use?
Here is an example of a WordPress hash:
$P$Bp.ZDNMM98mGNxCtHSkc1DqdRPXeoR.
Solution 1:
The WordPress password hasher implements the Portable PHP password hashing framework, which is used in Content Management Systems like WordPress and Drupal.
They used to use MD5 in the older versions, but sadly for me, no more. You can generate hashes using this encryption scheme at http://scriptserver.mainframe8.com/wordpress_password_hasher.php.
Solution 2:
$hash_type$salt$password
If the hash does not use a salt, then there is no $
sign for that. The actual hash in your case is after the 2nd $
The reason for this is, so you can have many types of hashes with different salts and feeds that string into a function that knows how to match it with some other value.
Solution 3:
For manually resetting the password in Wordpress DB, a simple MD5 hash is sufficient. (see reason below)
To prevent breaking backwards compatibility, MD5-hashed passwords stored in the database are still valid. When a user logs in with such a password, WordPress detects MD5 was used, rehashes the password using the more secure method, and stores the new hash in the database.
Source: http://eamann.com/tech/wordpress-password-hashing/
Update: this was an answer posted in 2014. I don't know if it still works for the latest version of WP since I don't work with WP anymore.