[wp-hackers] Password Generation

Brian Layman wp-hackers at thecodecave.com
Thu Oct 6 14:34:00 UTC 2011

On 10/6/2011 5:14 AM, Scott Wilcox wrote:
> Hello,
> I've written a script to process a complex import of users from one system into wordpress. The only part I'm having issue with is generating each users password, as from the database they don't' appear to be straight MD5 hashes of passwords.
> Can anyone shed any light on the correct way to generate passwords?
> Are they concatenated salt and hashes?
> --
> Scott Wilcox
hah I just wrote the same thing, importing from a CSV file, creating the 
user and assigning password if needed, an then associating with a blog 
if it does not already exist.

I simply used  wp_generate_password( 12, false ) to create a new random 

One thing to note is that you CAN use a straight md5 of a text value in 
the password field. That's the original password encryption method for 
WordPress and it will be recognized.  The upgrade code is still in place 
in the core so the password encryption will be upgraded to the new 
method the next time the person logs in. (It has to be done when a 
person is logging in so that the unhashed text is known.)

-- Brian Layman

More information about the wp-hackers mailing list