wp-bcrypt
wp bcrypt switches WordPress's password hashes from MD5 to bcrypt, making it harder for them to be brute-forced if they are leaked.
Overview
Compatibility
Installation instructions
Customer support & learning resources
Changelog
Main benefits
Switches to bcrypt
Improves password security
Slows down brute-force attacks
Requires PHP 5.3.0+
Overview
This WordPress plugin enhances the security of password storage by replacing the default MD5 hashing algorithm with bcrypt. MD5 is considered less secure due to its faster processing speed, which makes it easier for attackers to brute-force or use dictionaries to crack passwords. By switching to bcrypt, which is much slower to produce, the plugin significantly bolsters password security, making it substantially harder for attackers to reverse-engineer hashed passwords. It's important to note that the plugin requires PHP version 5.3.0 or newer. However, users should be cautious, as moving to a host that does not support bcrypt will necessitate resetting any user accounts intended for login access.
Enhanced Security
- Switches from MD5 to bcrypt for password hashing.
- Bcrypt is slower to produce, making brute-force attacks more difficult.
Recommended Algorithm
- Uses bcrypt, the algorithm recommended by phpass.
- Bcrypt is considered a better option for password storage.
Improved Password Protection
- Harder for attackers to obtain plain text passwords.
- More resistant to dictionary attacks.
Compatibility Note
- Requires PHP 5.3.0 or newer.
- Users need to reset accounts if moving to a host that does not support bcrypt.