Hi Team,
I was planning to use this plugin to enforce password security. Will there be any impact on the existing users? Will they be forced to change their passwords?
Cheers,
Poonam
Hello.
First of all, congratulations on the Better Passwords plug-in.
I’m interested in having this great plug-in translated to Spanish. Let me know if you need help with this. I’ll be glad to volunteer for this task.
I run a site called Cibersergei (https://cibersergei.com) focused on cybersecurity and education. It’s a non-profit site for end-users to help them create cybersecurity awareness and reach their goals protecting what is most important.
Even though the site is in Spanish, I’ve integrated automated translation to English (just click on the US flag at the top-right of the home page) in case you would like to take a look.
Looking forward to hearing from and collaborating with you.
Sergio Kogan,
I am running the following:
WordPress 5.5.1
Better Passwords version
PHP 7.4.11
mySQL 5.7.23
I also cannot change the Hashing Algorithm from the default.
Looking at the plugin code, the advanced algorithm selection options are disabled after (wisely) checking to see if the compiled version of PHP supports them. There is nothing in the plugin documentation that states this requirement complication. It’s not just the version number itself.
From the PHP documentation on the password_hash() function used by the Better Words plugin (the italic emphasis is mine):
password_hash() creates a new password hash using a strong one-way hashing algorithm. The following algorithms are currently supported:
PASSWORD_DEFAULT – Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
PASSWORD_BCRYPT – Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the “$2y$” identifier. The result will always be a 60 character string, or FALSE on failure.
PASSWORD_ARGON2I – Use the Argon2i hashing algorithm to create the hash. This algorithm is only available if PHP has been compiled with Argon2 support.
PASSWORD_ARGON2ID – Use the Argon2id hashing algorithm to create the hash. This algorithm is only available if PHP has been compiled with Argon2 support.
Better Passwords verifies that Argon2i and Argon2id are available by attempting to create a hash. If the attempt fails, that algorithm’s option is disabled.
So I guess I’ll have to check with the hosting company to see about getting the required compilation of PHP 7.4.
Rik, please update the Better Passwords documentation to include this information.
In the meantime, I’m happy using the Bcrypt default option, as this password functionality is far better than what WordPress itself offers.
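The availability check described in the post above (try to create a hash, treat failure as "unsupported"), as an added example that is not the plugin's own code and not part of the original post. The function names probe_algorithm and supported_algorithms are hypothetical; the sample value is constructed.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

/** Return true if this PHP build can create and verify a hash with $constantName. */
function probe_algorithm(string $constantName): bool
{
    // PASSWORD_ARGON2I / PASSWORD_ARGON2ID are only defined when PHP was
    // compiled with Argon2 support, so a missing constant means "unsupported".
    if (!defined($constantName)) {
        return false;
    }
    $sample = 'constructed-probe-value'; // constructed input, never a real password
    try {
        $hash = @password_hash($sample, constant($constantName));
    } catch (\Throwable $e) {
        return false; // newer PHP versions throw for some failures
    }
    if (!is_string($hash)) {
        return false; // older PHP versions return false or null on failure
    }
    // Confirm the hash really uses the requested algorithm and verifies.
    $expected = strtolower(substr($constantName, strlen('PASSWORD_')));
    return password_get_info($hash)['algoName'] === $expected
        && password_verify($sample, $hash);
}

/** Map each algorithm constant name to whether this build supports it. */
function supported_algorithms(): array
{
    $result = [];
    foreach (['PASSWORD_BCRYPT', 'PASSWORD_ARGON2I', 'PASSWORD_ARGON2ID'] as $name) {
        $result[$name] = probe_algorithm($name);
    }
    return $result;
}

printf("PHP %s (%s)\n", PHP_VERSION, PHP_SAPI);
foreach (supported_algorithms() as $name => $ok) {
    printf("%-18s %s\n", $name, $ok ? 'available' : 'not available in this build');
}
// password_algos() (PHP 7.4+) lists the registered algorithm identifiers.
if (function_exists('password_algos')) {
    echo 'password_algos(): ', implode(', ', password_algos()), "\n";
}
```

Run it under the same SAPI that serves the site (not only the CLI), since a host can ship differently compiled PHP builds for each.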
I am running the following:
WordPress 5.3.2
Better Passwords version
PHP 7.3.14
mySQL 5.6.40
I cannot change the Hashing Algorithm from the default. Any thoughts why this may be?