This WordPress Password Hash Generator uses the official WordPress hashing function wp_hash_password() behind the scenes and wp_hash_password() in turn implements the Portable PHP password hashing framework or phpass (pronounced “pH pass”). With this tool, you can convert a password to its hash code (or hash sum or checksum), which can then be used to set a new password directly in the WordPress MySQL database.
Just enter the password and press the “Hash this Phrase” button above.
Note: Any leading and trailing whitespace(s) will be trimmed from your password phrase.
The output format is: $hash_type$salt$password
If the hash does not use a salt, then there is no $ sign for that. The whole thing is stored in the WordPress database just like that. However, the actual password hash is really just the text after the last $ sign.
I created this tool with server administrators and web masters in mind – they often need to assist clients who lock themselves out of their WordPress websites. However, I’m sure it can easily be adapted to quite a lot of use cases. I have even needed to use it sometimes on my own websites and I wrote a detailed article explaining various methods you can use to regain access to a WordPress website that you locked yourself out of. Two of the four methods discussed in that article utilize this tool for generating the WordPress password hash code.
Another Note: If you hash the same password multiple times, it is completely normal for the output hash code to be different every time. This is by design. The underlying hashing function is designed to generate a random salt every time. The security advantage of this is that each hash will need to be broken individually instead of guessing one salt used for everything and having a huge leg up.
If you found this tool useful, or have a question, or want to request an enhancement, please leave me a comment using the comments box below. Happy hacking!
Leave a Reply