wp-bcrypt

wp-bcrypt switches WordPress's password hashes from MD5 to bcrypt, making them harder to brute-force if they are leaked.

Rating summary: 5
Reviews: 4
Active installations: 300

Main benefits

Switches to bcrypt

Improves password security

Slows down brute-force attacks

Requires PHP 5.3.0+

About this plugin

Author: harrym
Categories: Security
Version: 1.0.1
Last updated: 05-06-2014
WordPress version: 3.4
Tested up to: 3.9.40
PHP version required: false
Languages:

Overview

This WordPress plugin hardens password storage by replacing the default MD5 hashing algorithm with bcrypt. MD5 is considered less secure because it is fast to compute, which makes it easier for attackers to crack passwords by brute force or with dictionaries. bcrypt is much slower to compute, so switching to it makes it substantially harder for attackers to recover passwords from hashes. The plugin requires PHP version 5.3.0 or newer. Be cautious when changing hosts: moving to a host that does not support bcrypt will necessitate resetting any user accounts that need to log in.

Enhanced Security

  • Switches from MD5 to bcrypt for password hashing.
  • Bcrypt is slower to compute, making brute-force attacks more difficult.

Recommended Algorithm

  • Uses bcrypt, the algorithm recommended by phpass.
  • Bcrypt is considered a better option for password storage.

Improved Password Protection

  • Harder for attackers to obtain plain text passwords.
  • More resistant to dictionary attacks.

Compatibility Note

  • Requires PHP 5.3.0 or newer.
  • Users need to reset accounts if moving to a host that does not support bcrypt.

Rating and reviews

User sentiment analysis

Users appreciate that the plugin enhances security by converting passwords to the bcrypt format, making them less vulnerable to brute force attacks. It is praised for its simplicity and ease of use, effectively working right after installation. Moreover, it supports integration with single sign-on systems like Auth0, allowing for seamless SSO across multiple WordPress instances and ASP.NET applications, making it extremely versatile. Users, however, did not explicitly mention its compatibility with WordPress 4.9 in detail. A minor drawback could be the lack of feedback on its compatibility with newer WordPress versions.
momosampaii

02 Dec, 2017

Does it work with WordPress 4.9? Thanks
evan-beakerstudio

15 Jun, 2015

Just installed this, logged out and back into WordPress, and MySQL shows that my password is now in bcrypt format. Many thanks to the author, because this small change makes user logins significantly less vulnerable to brute force attempts!
Dan Maby

30 Jul, 2014

I used this plugin in combination with the Auth0 – Single Sign On with Social, Enterprise and User/Passwords plugin and I've been able to build a central authentication system that is using the WP database at its core, and I'm now able to offer SSO across multiple instances of WP as well as our ASP.NET applications! This would not have been possible had it not been for this great plugin; it just simply works brilliantly.
mojorob

24 Jun, 2014

Does exactly as it says, nice and simple! I run a number of WP sites, currently v3.9.1 on PHP 5.5, and this plugin for switching password hashes to bcrypt runs great.

FAQ

How do you change the hashes?

What happens if I deactivate the plugin?

What is the main purpose of this plugin?

What version of PHP is required for this plugin?

What happens if I move to a host that does not support bcrypt?

Does this plugin affect existing passwords?

Will WordPress functions use bcrypt after activating this plugin?

Why is bcrypt preferred over MD5 for password hashing?