[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Thu Feb 20 15:14:30 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: johnbillion
Type: enhancement | Status: reopened
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit-tests has-dev-note | Focuses:
-------------------------------------------------+-------------------------
Comment (by desmith):
While it's true that we don't really want to encourage people to downgrade
WP, it's also true that it happens (source: I work for a host and we get
maybe one ticket a week asking for just that). I can't immediately recall
an instance where downgrading WP actually, definitively solved a customer
problem, but users sometimes do strange things.

To be fair, my customer base is more enterprise-y and more likely to use
an external authentication plugin (OAuth, SAML, etc.) so this specific
issue isn't too likely to bite them. But it absolutely will come up for
someone, somewhere. Please consider this a vote in favor of doing it as a
two-step. (Probably 6.8/6.9 because I imagine adding bcrypt to 6.7 is too
much of a change at this point.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:230>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform