[wp-hackers] [WordPress] How to compare salted password

Otto otto at ottodestruct.com
Tue Jun 28 16:09:22 UTC 2011


On Tue, Jun 28, 2011 at 10:52 AM, Andrew Nacin <wp at andrewnacin.com> wrote:
> WordPress uses the phpass library. You should check out how
> wp_check_password() works, or just hash it with wp_hash_password() and use
> that against the DB.

You have to use wp_check_password. Using wp_hash_password and
comparing directly won't work, because it produces a different hash
every time. Random salts, random number of hashing passes.

-Otto
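
To illustrate why a stored hash has to be verified rather than regenerated and compared, here is an added example (not part of the original thread, and not WordPress or phpass code): a Python sketch modelled on the phpass portable `$P$` hash layout, where the salt and pass count are stored inside the hash string and verification re-reads them from the stored value. The function names, the default cost value and the sample password are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _encode64(data: bytes) -> str:
    """phpass-style base64: 6-bit groups, least significant first."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # n bytes -> n + 1 characters
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def _crypt(password: str, setting: str):
    """Recompute the hash from the pass count and salt held in `setting`."""
    count_log2 = ITOA64.find(setting[3:4])
    salt = setting[4:12]
    if setting[:3] != "$P$" or not 7 <= count_log2 <= 30 or len(salt) != 8:
        return None  # malformed setting: nothing to compare against
    pw = password.encode()
    digest = hashlib.md5(salt.encode() + pw).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _encode64(digest)

def hash_password(password: str, count_log2: int = 13) -> str:
    """New hash with a fresh random salt (count_log2=13 is an example value)."""
    salt = _encode64(os.urandom(6))  # 6 random bytes -> 8 salt characters
    return _crypt(password, "$P$" + ITOA64[count_log2] + salt)

def check_password(password: str, stored: str) -> bool:
    """Verify by re-hashing with the salt embedded in the stored hash."""
    candidate = _crypt(password, stored)
    if candidate is None:
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    h1, h2 = hash_password(pw), hash_password(pw)
    print(h1, h2, sep="\n")
    print("direct compare:", h1 == h2)                # False: salts differ
    print("check_password:", check_password(pw, h2))  # True
```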

