[wp-hackers] Default Password ... or test two "hashed" passwords for match

Jon Cave jon at lionsgoroar.co.uk
Tue Jun 21 19:27:41 UTC 2011

On Tue, Jun 21, 2011 at 8:19 PM, Robert Lusby <nanogwp at gmail.com> wrote:
> $password = "test";
> $hash1 =  wp_hash_password($password);
> $hash2 = echo wp_hash_password($password);
> will echo two different values, despite the password being the same.

This is because WordPress passwords are hashed with salts to help
defend against rainbow tables. This makes the same password hash to
different outputs.

> Is there a way to compare the two hashes to see if they came from the same
> password?
> Or the actual question - need to see if a user is using the "default"
> password we supply them with?

Use wp_check_password -
http://codex.wordpress.org/Function_Reference/wp_check_password - and
input your default and the hash of the user's password.

More information about the wp-hackers mailing list