[wp-hackers] [WordPress] How to compare salted password

Andrew Nacin wp at andrewnacin.com
Tue Jun 28 15:52:32 UTC 2011

On Tue, Jun 28, 2011 at 11:38 AM, Pasquale Puzio
<pasquale.puzio at gmail.com>wrote:

> Hi all,
> I need to compare a specific password with all password stored in the
> database. I know that WordPress uses MD5 to cypher passwords but uses
> also a salt, so I can't compare my specific password, after MD5
> cyphering, with the stored by WordPress one.
> Which is the salt used by WordPress to cypher passwords? How can I
> apply the same salt for comparing?

WordPress uses the phpass library. You should check out how
wp_check_password() works, or just hash it with wp_hash_password() and use
that against the DB.

More information about the wp-hackers mailing list