close

Slick­Stack

July 2025 promo! Join our Discord free of charge.

Slick­Stack
Lightning-fast WordPress on Nginx
search
menu
search

WPSEC article: Cracking WordPress Passwords with John the Ripper

  • This topic is empty.
Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • June 6, 2024 at 8:59 am #25179
    Gregory
    Guest

    makes it look way too easy to crack WP passwords

    https://blog.wpsec.com/cracking-wordpress-passwords/

    June 6, 2024 at 9:00 am #25180
    Edward
    Guest

    omg

    Now that we have the hashes, we can use a password-cracking tool called John the Ripper (john) to crack it. It comes pre-installed on Kali Linux and is available in most other Linux distros via their package managers (e.g. apt install john). Unfortunately, the john package shipped with apt in Ubuntu and Debian are incomplete (they are not the jumbo version which includes support for everything), so you might have better luck running it with Docker on non-Kali distros.

    June 6, 2024 at 9:00 am #25181
    Ruth
    Guest

    oh great….. here come the Kali Linux stans

    June 6, 2024 at 9:04 am #25182
    Helen
    Guest

    Doesn’t WordPress still use basic MD5 hashing for user passwords in Mysql? might be part of the problem?

    June 6, 2024 at 9:53 am #25183
    Madison
    Guest

    you might have better luck running it with Docker on non-Kali distros.

    Imagine being a hackzor and running Docker to crack passwords lmaooo

    June 6, 2024 at 9:55 am #25184
    Larry
    Guest

    GoDaddy had malware on their servers for years and didn’t know it

    June 23, 2024 at 8:06 pm #25373
    Philip
    Guest

    What’s up with “Thai Visa Centre” and their hacker boss Chad

    June 23, 2024 at 8:37 pm #25375
    Angela
    Guest

    I thought WP Core was moving to bcrypt for passwords

    August 4, 2024 at 8:12 am #25810
    Joshua
    Guest

    Why Does WordPress Continue to Use MD5?
    Rewind the tape a bit, and you’ll see that implementing a strong hashing algorithm into a PHP project wasn’t exactly a walk in the park. However, PHP 5.5 introduced official support for bcrypt, with native functions for both hashing passwords and verifying them during login attempts.

    WordPress’s hashing mechanism does offer sufficient security at this time. Still, many people argue that keeping it as it is makes no sense given the availability of stronger algorithms that can be implemented without too much hassle.

    Yet, WordPress’s development team seems strangely reluctant to make any changes to this particular part of the core. The reason for this is backward compatibility.

    WordPress maintains its popularity and continues to grow its market share not only because it’s incredibly versatile and easy to use but also because it will run on just about any hosting platform. Far too many people use legacy systems to build new projects, and many existing websites run in woefully outdated hosting environments.

    2023 article

    How Does WordPress Hash Passwords?

    September 24, 2024 at 1:52 am #26629
    Joe
    Guest

    my blog is hacking, so i suggest you use strong password. wuwu
    if you use google password , it is very safe

    September 24, 2024 at 1:53 am #26630
    George
    Guest

    my blog is hacking, so i suggest you use strong password. wuwu
    if you use google password , it is very safe

  • Author
    Posts
Viewing 11 posts - 1 through 11 (of 11 total)
Reply To: WPSEC article: Cracking WordPress Passwords with John the Ripper

Thanks to our generous sponsors for their support!