[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Sat Mar 5 04:20:57 UTC 2016
#21022: Allow bcrypt to be enabled via filter for pass hashing
---------------------------------------------+-----------------------------
 Reporter:  th23                             |       Owner:
     Type:  enhancement                      |      Status:  new
 Priority:  normal                           |   Milestone:  Awaiting Review
Component:  Security                         |     Version:  3.4
 Severity:  normal                           |  Resolution:
 Keywords:  2nd-opinion has-patch 4.5-early  |     Focuses:
---------------------------------------------+-----------------------------

Comment (by DeveloperWil):

I like @dd32's idea of simply adding an email and password reset for
passwords that cannot be decrypted.

You could even pre-empt issues by storing the current PHP version in the
DB during the update check and trigger at the very least an admin email
when the version of PHP has been changed, or especially so, downgraded.

That would at least give site owners information on why a site has "broke"
as in @mattheweppelsheimer's examples.

Storing the PHP version in the DB could also enable secure password
hashing on new installations if PHP >= 5.5.

Considering how insecure MD5 is and how many sites are powered by
WordPress, can this issue get some traction?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:74>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
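
The PHP-version tracking suggested in the comment above, as an added example that is not WordPress core code and not part of the ticket's patch. The option name and the `example_*` function names are hypothetical, and hooking the scheduled `wp_version_check` event is an assumption about where "the update check" would run.

```php
<?php
// Added example, not WordPress core code. The option name and the
// example_* function names are hypothetical.
const EXAMPLE_PHP_VERSION_OPTION = 'example_last_seen_php_version';

// password_hash() and password_verify() exist only on PHP 5.5 and later.
function example_can_use_password_hash( $php_version = PHP_VERSION ) {
	return version_compare( $php_version, '5.5.0', '>=' );
}

function example_track_php_version() {
	$current  = PHP_VERSION;
	$previous = get_option( EXAMPLE_PHP_VERSION_OPTION );

	if ( false === $previous ) {
		// First run: record the version, nothing to compare against yet.
		add_option( EXAMPLE_PHP_VERSION_OPTION, $current );
		return;
	}
	if ( $previous === $current ) {
		return; // Unchanged since the last check.
	}
	update_option( EXAMPLE_PHP_VERSION_OPTION, $current );

	$downgraded = version_compare( $current, $previous, '<' );
	// True only when the change crossed below the PHP 5.5 boundary.
	$lost_api = example_can_use_password_hash( $previous )
		&& ! example_can_use_password_hash( $current );

	$subject = $downgraded
		? 'PHP was downgraded on your site'
		: 'PHP version changed on your site';
	$message = sprintf( "PHP changed from %s to %s.\n", $previous, $current );
	if ( $lost_api ) {
		$message .= "password_hash() is no longer available; "
			. "accounts hashed with it may need a password reset.\n";
	}
	wp_mail( get_option( 'admin_email' ), $subject, $message );
}

// Assumption: run alongside the scheduled core update check.
add_action( 'wp_version_check', 'example_track_php_version' );
```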