Menu
Wordpress uses MD5 Password hashing. Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 8 passes of MD5. MD5 is used by default because it's supported on all platforms.
MD5 is used by default because it's supported on all platforms. You can configure PasswordHash to use Blowfish or extended DES (if available) instead of MD5 with the $portable_hashes constructor argument or property (see examples).
The WordPress password storage for the login passwords is fairly secure. The passwords are encrypted and stored in the WordPress MySQL database. However, the password for the WordPress MySQL database itself is stored in the wp-config. php file in plain text.
Use Phpmyadmin or any DB tool to connect to the WordPress blog database. Use this tool to generate a hash password, use your password, or generate a random password by clicking the Random button. Use an update query to update the database.
The WordPress password hasher implements the Portable PHP password hashing framework, which is used in Content Management Systems like WordPress and Drupal.
They used to use MD5 in the older versions, but sadly for me, no more. You can generate hashes using this encryption scheme at http://scriptserver.mainframe8.com/wordpress_password_hasher.php.
$hash_type$salt$password
If the hash does not use a salt, then there is no $ sign for that. The actual hash in your case is after the 2nd $
The reason for this is, so you can have many types of hashes with different salts and feeds that string into a function that knows how to match it with some other value.
For manually resetting the password in Wordpress DB, a simple MD5 hash is sufficient. (see reason below)
To prevent breaking backwards compatibility, MD5-hashed passwords stored in the database are still valid. When a user logs in with such a password, WordPress detects MD5 was used, rehashes the password using the more secure method, and stores the new hash in the database.
Source: http://eamann.com/tech/wordpress-password-hashing/
Update: this was an answer posted in 2014. I don't know if it still works for the latest version of WP since I don't work with WP anymore.
MD5 worked for me changing my database manually. See: Resetting Your Password
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With