First of all you need to find out which hashing algorithm has been used on the Joomla site to store the passwords. Joomla – different to Worpdress – ships with a variety of hashing algorithms.
If you have found out how the hashes have been generated, you can port the hashing function over into wordpress and make use of a pluggable function called wp_check_password() to check against the password hash.
Pluggable function means, that you can define a function with the same name inside your own plugin-in, so to overwrite the standard functionality.
Now here is the simple trick:
You compare against both, the Joomla hash and the WordPress one (PHPASS). Additionally you can take care of MD5 as well (the old WordPress hashing algorithm).
If a user logs in with a password that is in the old hash format, you update the users hash in the database with the standard wordpress hash (PHPASS). So each user that logs in will be automatically converted.
The current wp_check_password() function btw. does already something similar.
So what you need is
- Find out which algorithm was used to generate the hashes.
- Port that algorithm over to worpdress, so you can invoke it per one function.
- Extend the wp_check_password() function to test against Joomla hashes as well.