mrplantplant / wordpress-auth
Use WordPress password authentication on other PHP projects, for instance when migrating to another platform
This package is not auto-updated.
Last update: 2025-07-02 00:08:13 UTC
README
Use this package to compare a given password to a WordPress hashed string. My personal use case is when migrating away from WordPress, but don't want our users to have to reset their password. I'd import the users from the WordPress database into my new data structure, with a user type identifier (so we know which user requires which authentication method). On a successful login, the code knows the correct password and can be passed through to your new hashing method.
Should you need inspiration for a new password hashing method, look at password_hash(). Take particular note at this comment to add additional security.
Usage
Very simple, create a new instance of WPAuth\WordPressAuth
and use the authenticate()
method on it as per the following:
<?php
$authManager = new MrPlantPlant\WPAuth\WordPressAuth();
// Returns true on a successful match, false on mismatch
if ($authManager->authenticate($givenPassword, $storedHash)) {
// Now rehash $givenPassword with your new auth method and save it in your data source!
echo 'success!'
} else {
echo 'password mismatch';
}
?>