云策 WordPress 开发者社区

钩子文档

wp_hash_password_algorithm

查看官方原文 ↗
💡 云策文档标注

概述

wp_hash_password_algorithm 是一个 WordPress 过滤器,用于自定义 password_hash() 和 password_needs_rehash() 函数中使用的密码哈希算法。默认使用 bcrypt 算法,但开发者可以替换为其他算法,需注意服务器支持性。

关键要点

  • 过滤器名称:wp_hash_password_algorithm,默认值为 PASSWORD_BCRYPT(即 bcrypt 算法)。
  • bcrypt 是唯一保证在所有 PHP 安装中可用的密码哈希算法;使用其他算法(如 PASSWORD_ARGON2I、PASSWORD_ARGON2ID、PASSWORD_DEFAULT)前,必须通过 password_algos() 检查服务器支持性。
  • 哈希选项可通过 wp_hash_password_options 过滤器进一步控制。
  • 算法常量在 PHP 7.4+ 中为字符串,在 PHP 7.3 及更早版本中为整数。
  • 相关函数:wp_password_needs_rehash() 用于检查密码哈希是否需要重新哈希,wp_hash_password() 用于生成密码哈希。
  • 引入版本:WordPress 6.8.0。
📄 原文内容

Filters the hashing algorithm to use in the password_hash() and password_needs_rehash() functions.

Description

The default is the value of the PASSWORD_BCRYPT constant which means bcrypt is used.

Important: The only password hashing algorithm that is guaranteed to be available across PHP installations is bcrypt. If you use any other algorithm you must make sure that it is available on the server. The password_algos() function can be used to check which hashing algorithms are available.

The hashing options can be controlled via the ‘wp_hash_password_options’ filter.

Other available constants include:

  • PASSWORD_ARGON2I
  • PASSWORD_ARGON2ID
  • PASSWORD_DEFAULT

The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier.

Parameters

$algorithmstring|int
The hashing algorithm. Default is the value of the PASSWORD_BCRYPT constant.

Source

$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );

View all references View on Trac View on GitHub

Used by Description
wp_password_needs_rehash()wp-includes/pluggable.php

Checks whether a password hash needs to be rehashed.
wp_hash_password()wp-includes/pluggable.php

Creates a hash of a plain text password.

Changelog

Version Description
6.8.0 Introduced.