Skip to content

0.2.0

Latest
Latest

Choose a tag to compare

View all tags
@disisto disisto released this 22 Nov 00:34
0.2.0
daa56b9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

[0.2.0] - 2025-11-22

Added

  • Support for WordPress 6.8+ password hashes with $wp$ prefix
  • Implements WordPress 6.8 HMAC-SHA384 + Base64 password verification method
  • Support for standard BCrypt hashes ($2y$, $2a$, $2b$) without prefix
  • Debug logging for password hash detection and verification process

Changed

  • Completely rewritten verifyPassword() method to match WordPress 6.8 behavior
  • WordPress 6.8+ now uses hash_hmac('sha384', password, 'wp-sha384') before BCrypt

Maintained

  • Full backward compatibility with legacy phpass hashes ($P$, $H$)
  • Existing configuration and database structure remain unchanged

⚠️ This is expected to be the final update. Development of this tool will be discontinued as both development and production environments have been fully migrated to Keycloak.

Assets 2
Loading