Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Stephen Limmex
32,604 PointsWhere/how to store passwords?
Where/how do you recommend we store passwords? What is the best practice? Mentioned in the video is the practice of saving a password for the admin's records.
1 Answer
Kevin Korte
28,148 PointsAssuming you're talking about storing passwords in the wordpress database, like if you had a custom login or something. Wordpress provides functions that save and retrieve user accounts and passwords. These functions should salt and save the hashed password. And than the functions wordpress provides will hash the incoming password and compare it to the hashed password in the database.
https://codex.wordpress.org/Function_Reference/wp_hash_password
https://codex.wordpress.org/Function_Reference/wp_set_password
Now if we look at the source for wp_set_password
function wp_set_password( $password, $user_id ) {
2214 global $wpdb;
2215
2216 $hash = wp_hash_password( $password );
2217 $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
2218
2219 wp_cache_delete($user_id, 'users');
2220 }
Which you can see it's updating the users table, with the hashed password.