[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

WordPress Trac noreply at wordpress.org
Fri Oct 6 10:48:24 UTC 2017


#21022: Allow bcrypt to be enabled via filter for pass hashing
-------------------------------------------------+-------------------------
 Reporter:  th23                                 |       Owner:
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Future
Component:  Security                             |  Release
 Severity:  normal                               |     Version:  3.4
 Keywords:  2nd-opinion has-patch needs-testing  |  Resolution:
  4.9-early                                      |     Focuses:
-------------------------------------------------+-------------------------

Comment (by my1xt):

 Honestly, I would also agree to add native PHP's Password function and give
 somewhere in the admin panel even an option to set things like the cost or
 the algorithm (with PHP 7.2, for example, we will be getting Argon2 as an
 option).

 Also, regarding users with WAY too old PHP versions that have been EOL for
 half an eternity (5.2 was ended in January two thousand ELEVEN), are there
 stats on how the PHP version split is for people that use the latest (or
 second latest) version of WP? I wouldn't be expecting too many people who
 are on older versions to update anyway.

 For hosters that only support versions that have been EOL for over 2
 years, those hosters should in my opinion be sued for intentionally
 risking the security of anyone involved.

 I would say that when you guys plan to do 5.0 it would be time to throw
 some things out which are really in the way of security.

 Over 25% of WordPress installations according to stats are running 4.5 or
 lower, meaning they haven't updated for almost a year and a half. In
 comparison, less than 15% run PHP 5.2 and 5.3; both are versions EOL for
 over 3 years at the time of posting.

 And for downgrading, another person already mentioned fun with different
 database versions, so that would be another problem, where PHP can't even
 do ANYTHING.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:87>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

