[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Thu Feb 20 15:21:16 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner: johnbillion
Type: enhancement | Status: reopened
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit-tests has-dev-note | Focuses:
-------------------------------------------------+-------------------------
Comment (by johnbillion):
If a user upgrades to 6.8 from an earlier version and subsequently
downgrades, they'll only be prevented from using their current password if
they have actually gone through the login or password reset process while
on the newer version (and therefore their password has been
opportunistically rehashed). A simple password reset will allow them back
in.
A staggered rollout to avoid this very specific and easily resolvable
scenario seems overkill.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:231>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
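
The downgrade scenario described in the comment above, as an added PHP sketch that is not WordPress core code and not taken from the ticket. The function names, the `$legacy$` prefix and the salted-MD5 scheme are hypothetical stand-ins for the pre-upgrade hash format; only `password_hash()`, `password_verify()` and `password_needs_rehash()` are real PHP functions.

```php
<?php
// Added illustration; every name below is hypothetical.
// LEGACY_PREFIX and salted MD5 are constructed stand-ins for the old hash format.
const LEGACY_PREFIX = '$legacy$';

function legacy_hash(string $password): string {
    $salt = bin2hex(random_bytes(8));
    return LEGACY_PREFIX . $salt . '$' . md5($salt . $password);
}

function legacy_verify(string $password, string $stored): bool {
    if (strncmp($stored, LEGACY_PREFIX, strlen(LEGACY_PREFIX)) !== 0) {
        return false; // the older code does not recognise newer hash formats
    }
    [$salt, $digest] = explode('$', substr($stored, strlen(LEGACY_PREFIX)), 2);
    return hash_equals($digest, md5($salt . $password));
}

// Login on the newer version: accepts both formats and, on success,
// opportunistically replaces a legacy hash with a bcrypt one.
function new_login(array &$users, string $name, string $password): bool {
    $stored = $users[$name];
    $is_legacy = strncmp($stored, LEGACY_PREFIX, strlen(LEGACY_PREFIX)) === 0;
    $ok = $is_legacy
        ? legacy_verify($password, $stored)
        : password_verify($password, $stored);
    if ($ok && ($is_legacy || password_needs_rehash($stored, PASSWORD_BCRYPT))) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT);
    }
    return $ok;
}

// Login on the older version after a downgrade: legacy format only.
function old_login(array $users, string $name, string $password): bool {
    return legacy_verify($password, $users[$name]);
}

// Constructed sample accounts, both created before the upgrade.
$users = ['alice' => legacy_hash('alice-pw'), 'bob' => legacy_hash('bob-pw')];
new_login($users, 'alice', 'alice-pw'); // only alice logs in on the newer version

// After the downgrade: alice's stored hash is bcrypt, bob's is untouched.
var_dump(old_login($users, 'alice', 'alice-pw'));
var_dump(old_login($users, 'bob', 'bob-pw'));

// A password reset on the older version writes a legacy hash again.
$users['alice'] = legacy_hash('alice-new-pw');
var_dump(old_login($users, 'alice', 'alice-new-pw'));
```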