[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes
WordPress Trac
noreply at wordpress.org
Sat Feb 22 00:19:17 UTC 2025
#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
Reporter: th23 | Owner:
| johnbillion
Type: enhancement | Status: reopened
Priority: normal | Milestone: 6.8
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit- | Focuses:
tests has-dev-note |
-------------------------------------------------+-------------------------
Comment (by yani.iliev):
Replying to [comment:237 Otto42]:
> Replying to [comment:236 yani.iliev]:
> >This is more about user behavior than anything we can control directly.
>
> It really is not, because this is a progressive upgrade. There is going
to be nearly no response to this, because Is almost entirely behind the
scenes, and also not the first time we have done something like this. We
have upgraded the password hashes once before, and it worked fine. As long
as we take the database upgrades into account, it will be fine and nearly
no issues.
I understand your point. My focus is on plugins that transfer WordPress
sites between hosts. I am trying to raise awareness for these migration
plugins and possibly other plugins or themes that interact with user data
may also be affected.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:238>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list