Roots Team Releases wp-password-bcrypt Plugin to Improve WordPress Password Security
This week the Roots development team released wp-password-bcrypt, a plugin that uses bcrypt instead of MD5 password hashing. MD5’s known and exploited weaknesses have rendered it “cryptographically broken and unsuitable for further use,” according to the CMU Software Engineering Institute. In a post announcing the plugin, Scott Walkinshaw explained why WordPress’ default MD5 hashing function…