Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

WordPress WordPress User Roles An Overview of User Roles The Subscriber Role in WordPress

Stephen Limmex
Stephen Limmex
32,604 Points

Where/how to store passwords?

Where/how do you recommend we store passwords? What is the best practice? Mentioned in the video is the practice of saving a password for the admin's records.

1 Answer

Kevin Korte
Kevin Korte
28,111 Points

Assuming you're talking about storing passwords in the wordpress database, like if you had a custom login or something. Wordpress provides functions that save and retrieve user accounts and passwords. These functions should salt and save the hashed password. And than the functions wordpress provides will hash the incoming password and compare it to the hashed password in the database.



Now if we look at the source for wp_set_password

function wp_set_password( $password, $user_id ) {
2214            global $wpdb;
2216            $hash = wp_hash_password( $password );
2217            $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
2219            wp_cache_delete($user_id, 'users');
2220    }

Which you can see it's updating the users table, with the hashed password.