[wp-trac] [WordPress Trac] #50027: Retire Phpass and use PHP native password hashing
WordPress Trac
noreply at wordpress.org
Thu Dec 10 15:33:02 UTC 2020
#50027: Retire Phpass and use PHP native password hashing
-------------------------------------------------+-------------------------
Reporter: ayeshrajans | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion needs-unit-tests needs- | Focuses:
patch |
-------------------------------------------------+-------------------------
Comment (by stgoos):
I follow the original ticket for years now and with the minimum PHP
requirement for WordPress now being at 5.6 it's about time to get this
finally sorted in my opinion.
Btw - my 2 cents regarding your 2nd point:
2.Expose a filter for plugins\\
... We can expose a filter that WordPress core emits so plugins can
change the hashing algorithm if necessary.
Is that desireable at all? Shouldn't this be controlled via a setting in
wp-config.php which makes it clear that the WordPress installation will
use an alternative hashing algorithm instead?
That way no one can be taken by surprise that the passwords have been
changed by simply activating a plugin that for some reason feels the need
to use an alternative hashing algorithm.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50027#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list