WordPress and SHA256 passwords

Question

i am testing on my wordpress installation to get wordpress using sha256 instead of md5.

i found these snippets to overwrite the pluggable wordpress functions - i putted them into the functions.php of my activated theme:

if( ! function_exists('wp_hash_password') ) {
  function wp_hash_password($password){
     return hash('sha256', $password);
  }
}

if(!function_exists('wp_check_password')):
  function wp_check_password($password, $hash) {
      return hash('sha256', $password) == $hash;
  }
endif;

i used the plain password "test". so i converted it into sha256 and in the database is written:

9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

but i cannot log in with password "test". i cannot understand where my mistake is and ... i am in despair after testing around two hours ^^

if i switch back to 098f6bcd4621d373cade4e832627b4f6 (md5 of test) i can login normally. so the override of the function does not seem to work

this is how to override the pluggable functions from wordpress. if i do not check this, i got a critical error — Pascal Semmel, Jul 14 '20 at 19:56
Yeah, but that's not how you override them. Your if-case will never run (and use sha-256) if the function already exists. Not sure if this is still true: [PHP function overloading](https://stackoverflow.com/questions/4697705/php-function-overloading) — flomei, Jul 15 '20 at 11:01

WordPress and SHA256 passwords

0 Answers0