SlickStack

Lightning-fast WordPress on Nginx

WPSEC article: Cracking WordPress Passwords with John the Ripper

Viewing 11 posts - 1 through 11 (of 11 total)
  • #25179
    Gregory
    Guest

    makes it look way too easy to crack WP passwords

    https://blog.wpsec.com/cracking-wordpress-passwords/

    #25180
    Edward
    Guest

    omg

    Now that we have the hashes, we can use a password-cracking tool called John the Ripper (john) to crack it. It comes pre-installed on Kali Linux and is available in most other Linux distros via their package managers (e.g. apt install john). Unfortunately, the john package shipped with apt in Ubuntu and Debian are incomplete (they are not the jumbo version which includes support for everything), so you might have better luck running it with Docker on non-Kali distros.

    #25181
    Ruth
    Guest

    oh great….. here come the Kali Linux stans

    #25182
    Helen
    Guest

    Doesn’t WordPress still use basic MD5 hashing for user passwords in MySQL? Might be part of the problem?

    #25183
    Madison
    Guest

    you might have better luck running it with Docker on non-Kali distros.

    Imagine being a hackzor and running Docker to crack passwords lmaooo

    #25184
    Larry
    Guest
    #25373
    Philip
    Guest
    #25375
    Angela
    Guest

    I thought WP Core was moving to bcrypt for passwords

    #25810
    Joshua
    Guest

    Why Does WordPress Continue to Use MD5?
    Rewind the tape a bit, and you’ll see that implementing a strong hashing algorithm into a PHP project wasn’t exactly a walk in the park. However, PHP 5.5 introduced official support for bcrypt, with native functions for both hashing passwords and verifying them during login attempts.

    WordPress’s hashing mechanism does offer sufficient security at this time. Still, many people argue that keeping it as it is makes no sense given the availability of stronger algorithms that can be implemented without too much hassle.

    Yet, WordPress’s development team seems strangely reluctant to make any changes to this particular part of the core. The reason for this is backward compatibility.

    WordPress maintains its popularity and continues to grow its market share not only because it’s incredibly versatile and easy to use but also because it will run on just about any hosting platform. Far too many people use legacy systems to build new projects, and many existing websites run in woefully outdated hosting environments.

    2023 article

    How Does WordPress Hash Passwords?
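
To check which scheme each account on a given site is actually stored under (the MD5-versus-bcrypt question raised in this thread), a site owner can classify the `user_pass` values from `wp_users`. This is an added example, not code from any post here or from WordPress itself; the function names, the `MIN_BCRYPT_COST` floor, the policy of flagging every MD5-based hash, and the sample rows are assumptions made for illustration.

```python
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
B64 = r"[./0-9A-Za-z]"
# phpass "portable" hash: $P$ + 1 cost char + 8 salt chars + 22 digest chars
PHPASS = re.compile(r"\$[PH]\$(" + B64 + r")" + B64 + r"{30}")
# bcrypt, optionally carrying the "$wp" prefix of newer WordPress releases
BCRYPT = re.compile(r"(\$wp)?\$2[abxy]\$(\d{2})\$" + B64 + r"{53}")
PLAIN_MD5 = re.compile(r"[0-9a-fA-F]{32}")
MIN_BCRYPT_COST = 10  # assumption: local policy floor, tune per site


def classify(stored):
    """Return (scheme, iterations, needs_upgrade) for one user_pass value."""
    if PLAIN_MD5.fullmatch(stored):
        return ("md5-unsalted", 1, True)
    m = PHPASS.fullmatch(stored)
    if m:
        # the cost char encodes log2 of the MD5 iteration count
        return ("phpass-md5", 2 ** ITOA64.index(m.group(1)), True)
    m = BCRYPT.fullmatch(stored)
    if m:
        cost = int(m.group(2))
        scheme = "wp-bcrypt" if m.group(1) else "bcrypt"
        return (scheme, 2 ** cost, cost < MIN_BCRYPT_COST)
    return ("unknown", 0, True)  # not a recognised format: review by hand


def audit(rows):
    """Map user_login -> scheme for every account that should be rehashed."""
    flagged = {}
    for login, stored in rows:
        scheme, _, needs_upgrade = classify(stored)
        if needs_upgrade:
            flagged[login] = scheme
    return flagged


# Constructed sample rows (user_login, user_pass); the digests are filler.
SAMPLE_ROWS = [
    ("alice", "$P$B" + "x" * 30),
    ("bob", "0123456789abcdef0123456789abcdef"),
    ("carol", "$wp$2y$10$" + "a" * 53),
    ("dave", "$2y$04$" + "a" * 53),
]

if __name__ == "__main__":
    for login, scheme in audit(SAMPLE_ROWS).items():
        print(f"{login}: {scheme} -> rehash on next login or force a reset")
```

The iteration figure is per scheme (MD5 rounds for phpass, key-expansion rounds for bcrypt), so compare it only within one scheme.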

    #26629
    Joe
    Guest

    my blog is hacking, so i suggest you use strong password. wuwu
    if you use google password, it is very safe

    #26630
    George
    Guest

    my blog is hacking, so i suggest you use strong password. wuwu
    if you use google password, it is very safe
