What I would do is this: Since wp_hash_password() is a “pluggable” function, create a simple plugin or MU-Plugin and define a function called wp_hash_password() in that plugin/mu-plugin. WordPress will use your function instead of the core function.
Just copy the original code into your plugin/mu-plugin and change the one relevant line.
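
A minimal MU-plugin along the lines described above, as an added example rather than code from the original answer. It assumes the phpass-based function body found in older WordPress core releases and that the line being changed is the `PasswordHash` constructor call; the file name and the cost value 12 are illustrative.

```php
<?php
/**
 * Plugin Name: Custom wp_hash_password (example)
 *
 * Hypothetical file: wp-content/mu-plugins/custom-hash-password.php
 * Plugins and MU-plugins are loaded before wp-includes/pluggable.php,
 * so a definition made here is used instead of the core one.
 */

// Guard against a fatal "cannot redeclare" error in case another
// plugin has already replaced the function.
if ( ! function_exists( 'wp_hash_password' ) ) {
	function wp_hash_password( $password ) {
		global $wp_hasher;

		if ( empty( $wp_hasher ) ) {
			require_once ABSPATH . WPINC . '/class-phpass.php';
			// Assumed "one relevant line": core passes 8 as the first
			// argument (log2 of the iteration count). The second
			// argument keeps phpass "portable" hashes, as core does.
			$wp_hasher = new PasswordHash( 12, true );
		}

		return $wp_hasher->HashPassword( trim( $password ) );
	}
}
```

Hashes already stored keep verifying, because phpass reads the cost from each stored hash; only passwords set after the plugin is active use the new setting.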