[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Mon Feb 1 00:06:13 UTC 2016
#21022: Allow bcrypt to be enabled via filter for pass hashing
---------------------------------------------+-----------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
Component: Security | Review
Severity: normal | Version: 3.4
Keywords: 2nd-opinion has-patch 4.5-early | Resolution:
| Focuses:
---------------------------------------------+-----------------------------
Comment (by mattheweppelsheimer):
> I don't think a user would intentionally switch to another host which
runs PHP 5.2, however someone who maintains WordPress sites might move a
site onto their infrastructure, and run into that problem. I don't see
this being an issue to that segment of users though.
Agreed, but I just want to point out that "intentionally" is a key word.
Over the years we've had a few clients move away from our management to
cut costs, then call us in a panic when their cheapskate new host's older
PHP version breaks things. Anecdotal but this makes me think it's small
sites like these, run by people clueless about PHP versions, who are most
likely to git bit.
However we implement better hashing, +1 to @dd32's suggestion (or
something similar):
> "Whoops! PHP can no longer decrypt your password, <a href="w.org">find
out why</a> or <a>reset your password</a>`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:72>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list