开发者 | michaelrhmw |
---|---|
更新时间 | 2018年10月3日 07:18 |
PHP版本: | 5.2.4 及以上 |
WordPress版本: | 4.9.8 |
版权: | GPLv2 or later |
版权网址: | 版权信息 |
Currently you will need to update the alorithm in 'wp-modern-password-hashing.php' line 18, from PASSWORD_BCRYPT to PASSWORD_ARGON2I Keep in mind that updates will undo your change, I plan to add an options screen to wp-admin.
If PHP 5.5 or higher is used, then password_hash() will be available, and the plugin will default to using it.
Provided you change the alorithm in 'wp-modern-password-hashing.php' line 18. Keep in mind that updates will undo your change, I plan to add an options screen to wp-admin. Yes, you should be able to change back and forth (Provided your PHP version is suffcient), as the password will be checked against the password_verify and password_needs_rehash functions.
In cases where password_hash() is not available, PHPASS as included with WordPress will be used, but with two adjustments. The rounds/iterations_count option and the use_md5/portable_hashes have been adjusted from the WordPress defaults of '8, true' to '16, false' This should improve the security of the hashed passwords, for those who are running on older versions of PHP.