The WordPress password hasher implements the Portable PHP password hashing framework, which is used in Content Management Systems like WordPress and Drupal.

WordPress 密码散列器实现了便携式 PHP 密码散列框架，该框架用于 WordPress 和 Drupal 等内容管理系统。

They used to use MD5 in the older versions, but sadly for me, no more. You can generate hashes using this encryption scheme at http://scriptserver.mainframe8.com/wordpress_password_hasher.php.

他们曾经在旧版本中使用 MD5，但对我来说可悲的是，不再使用了。您可以在http://scriptserver.mainframe8.com/wordpress_password_hasher.php使用此加密方案生成哈希。

$hash_type$salt$password

If the hash does not use a salt, then there is no $sign for that. The actual hash in your case is after the 2nd $

如果散列不使用盐，则没有任何$迹象。您的情况下的实际哈希值在第二个之后$

The reason for this is, so you can have many types of hashes with different salts and feeds that string into a function that knows how to match it with some other value.

这样做的原因是，您可以拥有多种类型的具有不同盐的散列，并将该字符串输入到一个知道如何将其与其他值匹配的函数中。

MD5 worked for me changing my database manually. See: Resetting Your Password

MD5 为我手动更改我的数据库工作。请参阅：重置密码

http://eamann.com/tech/wordpress-password-hashing/

http://eamann.com/tech/wordpress-password-hashing/

To prevent breaking backwards compatibility, MD5-hashed passwords stored in the database are still valid. When a user logs in with such a password, WordPress detects MD5 was used, rehashes the password using the more secure method, and stores the new hash in the database.

为了防止破坏向后兼容性，存储在数据库中的 MD5 哈希密码仍然有效。当用户使用这样的密码登录时，WordPress 会检测到使用了 MD5，使用更安全的方法重新散列密码，并将新的散列存储在数据库中。

This means for manually resetting the password in Wordpress DB, a simple MD5 hash is sufficient.

这意味着要在 Wordpress DB 中手动重置密码，一个简单的 MD5 哈希就足够了。

It depends at least on the version of PHP that is used. wp-includes/class-phpass.phpcontains all the answers.

这至少取决于所使用的 PHP 版本。wp-includes/class-phpass.php包含所有答案。

The best way to do this is using WordPress class to authenticate users. Here is my solutions:

最好的方法是使用 WordPress 类来验证用户。这是我的解决方案：

1. Include following WordPress PHP file:

1. 包含以下 WordPress PHP 文件：

include_once(dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . "wp-includes" . DIRECTORY_SEPARATOR . "class-phpass.php");

include_once(dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . "wp-includes" . DIRECTORY_SEPARATOR . "class-phpass.php");

2. Create an object of PasswordHashclass:

2.创建PasswordHash类的对象：

$wp_hasher = new PasswordHash(8, true);

$wp_hasher = new PasswordHash(8, true);

3. call CheckPasswordfunction to authenticate user:

3.调用CheckPassword函数来验证用户：

$check = $wp_hasher->CheckPassword($password, $row['user_pass']);

$check = $wp_hasher->CheckPassword($password, $row['user_pass']);

4. check $checkvariable:

4.检查$check变量：

if($check) {
   echo "password is correct";
} else {
   echo "password is incorrect";
}

Please Note that: $passwordis the un-hashed password in clear text whereas $row['user_pass']is the hashed password that you need to fetch from the database.

请注意： $password是明文形式的未散列密码，而$row['user_pass']是您需要从数据库中获取的散列密码。

I had same problem finding out what kind of Hash does Wordpress Uses .

我在找出 Wordpress 使用什么样的哈希时遇到了同样的问题。

It is wp hash password.

它是wp hash 密码。

Example

例子

Compare an already hashed password with its plain-text string:

将已散列的密码与其纯文本字符串进行比较：

<?php
$wp_hasher = new PasswordHash(8, TRUE);

$password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password = 'test';

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}
?>

See These Links: https://codex.wordpress.org/Function_Reference/wp_hash_password

请参阅这些链接：https: //codex.wordpress.org/Function_Reference/wp_hash_password

https://developer.wordpress.org/reference/functions/wp_hash_password

https://developer.wordpress.org/reference/functions/wp_hash_password

It uses PasswordHash, which adds salt to the password and hashes it with 8 passes of MD5.

它使用 PasswordHash，它在密码中添加盐并使用 8 次 MD5 对其进行散列。

Start phpMyAdmin and access wp_users from your wordpress instance. Edit record and select user_pass function to match MD5. Write the string that will be your new password in VALUE. Click, GO. Go to your wordpress website and enter your new password. Back to phpMyAdmin you will see that WP changed the HASH to something like $P$B... enjoy!

启动 phpMyAdmin 并从您的 wordpress 实例访问 wp_users。编辑记录并选择 user_pass 函数以匹配 MD5。在 VALUE 中写入将作为新密码的字符串。点击，开始。转到您的 wordpress 网站并输入您的新密码。返回 phpMyAdmin，您将看到 WP 将 HASH 更改为 $P$B 之类的内容...享受吧！

include_once('../../../wp-config.php');

include_once('../../../wp-config.php');

global $wpdb;

全球 $wpdb;

$password = wp_hash_password("your password");

$password = wp_hash_password("你的密码");

Wordpress uses MD5Password hashing. Creates a hash of a plain text password. Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 8 passes of MD5. MD5 is used by default because it's supported on all platforms. You can configure PasswordHash to use Blowfish or extended DES (if available) instead of MD5 with the $portable_hashes constructor argument or property.

Wordpress 使用MD5密码散列。创建纯文本密码的哈希。除非设置了全局 $wp_hasher，否则默认实现使用 PasswordHash，它在密码中添加盐并使用 8 次 MD5 对其进行散列。默认情况下使用 MD5，因为它在所有平台上都受支持。您可以将 PasswordHash 配置为使用 Blowfish 或扩展 DES（如果可用）而不是带有 $portable_hashes 构造函数参数或属性的 MD5。