這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

wp-bcrypt

外掛說明

WordPress uses phpass to store passwords. Because WordPress has to work everywere, it uses the portable version of phpass,
which uses MD5 to hash passwords. MD5 is not a very good hashing algorithm for passwords, because it’s relatively fast.

This plugin switches over to bcrypt, which is the algorithm recommended by phpass, and is a much better option for password
storage because it is much slower to produce. This makes it much harder for an attacker who’s managed to access your hashed
passwords to obtain plain text passwords by brute-forcing, or by trying passwords from a dictionary.

Note: this plugin requires PHP 5.3.0 or newer

Be aware that if you use this plugin and then move to a host that does not support bcrypt, you will need to reset any user
account that you want to log in with.

安裝方式

  1. Upload the wp-bcrypt directory to the wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

常見問題集

How do you change the hashes?

Users’ hashes are changed to bcrypt when they first login in after the plugin is activated. All of WordPress’s built-in functions
will use bcrypt too, when intially creating an account, changing your password, or adding a password to a post.

What happens if I deactivate the plugin?

As long as you have bcrypt support (PHP 5.3.0 or newer) WordPress will happily continue checking passwords that are hashed using
bcrypt. Everything should work fine. But any new passwords you hash (for a new account, or changing an existing account) will be
made using MD5.

使用者評論

閱讀全部 4 則使用者評論

參與者及開發者

以下人員參與了開源軟體〈wp-bcrypt〉的開發相關工作。

參與者

將〈wp-bcrypt〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄

變更記錄

1.0.1

  • Readme improvements

1.0.0

  • Initial release